| #
0028a23b |
| 20-Dec-2012 |
Dr. Stephen Henson |
revert OCSP_basic_verify changes: they aren't needed now we support partial chain verification and can pass verify options to ocsp utility
|
| #
e9754726 |
| 15-Dec-2012 |
Dr. Stephen Henson |
Check chain is not NULL before assuming we have a validated chain.
The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust pa
Check chain is not NULL before assuming we have a validated chain.
The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust partial chains.
show more ...
|
| #
2a21cdbe |
| 13-Dec-2012 |
Dr. Stephen Henson |
Use new partial chain flag instead of modifying input parameters.
|
| #
ec40e5ff |
| 10-Dec-2012 |
Ben Laurie |
Tabification. Remove accidental duplication.
|
| #
30c278aa |
| 07-Dec-2012 |
Ben Laurie |
Fix OCSP checking.
|
| #
2fceff5b |
| 29-Nov-2012 |
Dr. Stephen Henson |
PR: 2803
Submitted by: jean-etienne.schwartz@bull.net
In OCSP_basic_varify return an error if X509_STORE_CTX_init fails.
|
|
Revision tags: OpenSSL-fips-2_0-pl1, OpenSSL-fips-2_0_2, OpenSSL-fips-2_0_1, OpenSSL_1_0_1c, OpenSSL_1_0_0j, OpenSSL_0_9_8x, OpenSSL_1_0_1b, OpenSSL_0_9_8w, OpenSSL_1_0_1a, OpenSSL_0_9_8v, OpenSSL_1_0_0i, OpenSSL_1_0_1, OpenSSL_1_0_0h, OpenSSL_0_9_8u, OpenSSL_1_0_1-beta3, OpenSSL_1_0_1-beta2, OpenSSL-fips-2_0, OpenSSL_1_0_0g, OpenSSL_0_9_8t, OpenSSL_0_9_8s, OpenSSL_1_0_0f, OpenSSL-fips-2_0-rc8, OpenSSL_1_0_1-beta1, OpenSSL-fips-2_0-rc7, OpenSSL-fips-2_0-rc6, OpenSSL-fips-2_0-rc5, OpenSSL-fips-2_0-rc4, OpenSSL-fips-2_0-rc3, OpenSSL-fips-2_0-rc2, OpenSSL-fips-2_0-rc1, OpenSSL-fips-1_2_3, OpenSSL-fips-1_2_2, OpenSSL-fips-1_2_1, OpenSSL_1_0_0e, OpenSSL_1_0_0d, OpenSSL_0_9_8r, OpenSSL_0_9_8q, OpenSSL_1_0_0c, OpenSSL_0_9_8p, OpenSSL_1_0_0b, OpenSSL_0_9_8o, OpenSSL_1_0_0a, OpenSSL_1_0_0, OpenSSL_0_9_8n, OpenSSL_0_9_8m, OpenSSL_0_9_8m-beta1, OpenSSL_1_0_0-beta5, OpenSSL_1_0_0-beta4, OpenSSL_0_9_8l, OpenSSL_1_0_0-beta3, OpenSSL_1_0_0-beta2, OpenSSL_1_0_0-beta1, OpenSSL_0_9_8k, OpenSSL_0_9_8j |
|
| #
0eab41fb |
| 29-Dec-2008 |
Ben Laurie |
If we're going to return errors (no matter how stupid), then we should
test for them!
|
| #
2e597528 |
| 05-Nov-2008 |
Dr. Stephen Henson |
Update obsolete email address...
|
|
Revision tags: OpenSSL_0_9_8i, OpenSSL_0_9_8h |
|
| #
cec2538c |
| 04-Dec-2007 |
Dr. Stephen Henson |
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP cert
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
Use default algorithms for OCSP request and response signing. New command
line option to support other digest use for OCSP certificate IDs.
show more ...
|
|
Revision tags: OpenSSL_0_9_8g, OpenSSL_0_9_8f, FIPS_098_TEST_8, FIPS_098_TEST_7, FIPS_098_TEST_6, FIPS_098_TEST_5, FIPS_098_TEST_4, FIPS_098_TEST_3, FIPS_098_TEST_2, FIPS_098_TEST_1, OpenSSL_0_9_7m, OpenSSL_0_9_8e |
|
| #
28b987ae |
| 13-Nov-2006 |
Dr. Stephen Henson |
Don't assume requestorName is present for signed requests. ASN1 OCSP module
fix: certs field is OPTIONAL.
|
|
Revision tags: OpenSSL_0_9_7l, OpenSSL_0_9_8d, OpenSSL_0_9_8c, OpenSSL_0_9_7k, OpenSSL_0_9_7j, OpenSSL_0_9_8b, OpenSSL_FIPS_1_0, OpenSSL_0_9_7i, OpenSSL_0_9_8a, OpenSSL_0_9_7h, OpenSSL_0_9_8, FIPS_TEST_10, OpenSSL_0_9_8-beta6, OpenSSL_0_9_8-beta5, FIPS_TEST_9, OpenSSL_0_9_8-beta4, OpenSSL_0_9_8-beta3, BEN_FIPS_TEST_8, OpenSSL_0_9_8-beta2, OpenSSL_0_9_8-beta1, OpenSSL_0_9_7g, OpenSSL_0_9_7f, BEN_FIPS_TEST_7, BEN_FIPS_TEST_6, OpenSSL_0_9_7e, OpenSSL_0_9_7d, OpenSSL-engine-0_9_6m, OpenSSL_0_9_6m, LEVITTE_after_const, LEVITTE_before_const |
|
| #
91180d45 |
| 04-Mar-2004 |
Dr. Stephen Henson |
Typos.
Reported by: Jose Castejon-Amenedo <Jose.Castejon-Amenedo@hp.com>
|
|
Revision tags: BEN_FIPS_TEST_5, BEN_FIPS_TEST_4, OpenSSL-engine-0_9_6l, OpenSSL_0_9_6l, BEN_FIPS_TEST_3, BEN_FIPS_TEST_2, BEN_FIPS_TEST_1, OpenSSL-engine-0_9_6k, OpenSSL_0_9_6k, OpenSSL_0_9_7c, OpenSSL-engine-0_9_6j, OpenSSL_0_9_7b, OpenSSL_0_9_6j, OpenSSL-engine-0_9_6i, OpenSSL_0_9_6i, OpenSSL_0_9_7a, OpenSSL_0_9_7, OpenSSL_0_9_7-beta6, STATE_after_zlib, STATE_before_zlib, OpenSSL_0_9_7-beta5, OpenSSL-engine-0_9_6h, OpenSSL_0_9_6h, OpenSSL_0_9_7-beta4, OpenSSL-engine-0_9_6g, OpenSSL_0_9_6g, OpenSSL-engine-0_9_6f, OpenSSL_0_9_6f, OpenSSL_0_9_7-beta3, OpenSSL-engine-0_9_6e, OpenSSL_0_9_6e, OpenSSL_0_9_7-beta2, OpenSSL_0_9_7-beta1, AFTER_COMPAQ_PATCH, BEFORE_COMPAQ_PATCH, OpenSSL-engine-0_9_6d, OpenSSL_0_9_6d, OpenSSL-engine-0_9_6d-beta1, OpenSSL_0_9_6d-beta1, OpenSSL-engine-0_9_6c, OpenSSL_0_9_6c |
|
| #
79aa04ef |
| 01-Sep-2001 |
Geoff Thorpe |
Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actuall
Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
show more ...
|
| #
192ebef8 |
| 11-Jul-2001 |
Dr. Stephen Henson |
In ocsp_match_issuerid() we are passed the CA that signed the responder
certificate so need to match its subject with the certificate IDs in the
response.
|
|
Revision tags: OpenSSL-engine-0_9_6b, OpenSSL_0_9_6b, OpenSSL_0_9_6a, OpenSSL-engine-0_9_6a, OpenSSL-engine-0_9_6a-beta3, OpenSSL_0_9_6a-beta3, OpenSSL-engine-0_9_6a-beta2, OpenSSL_0_9_6a-beta2, OpenSSL-engine-0_9_6a-beta1, OpenSSL_0_9_6a-beta1 |
|
| #
d7bbd31e |
| 26-Feb-2001 |
Dr. Stephen Henson |
Typo in comment.
|
| #
fafc7f98 |
| 26-Feb-2001 |
Dr. Stephen Henson |
Enhance OCSP_request_verify() so it finds the signers certificate
properly and supports several flags.
|
| #
3ebac273 |
| 20-Feb-2001 |
Richard Levitte |
Include string.h so mem* functions get properly declared.
|
| #
88ce56f8 |
| 02-Feb-2001 |
Dr. Stephen Henson |
Various function for commmon operations.
|
| #
50d51991 |
| 26-Jan-2001 |
Dr. Stephen Henson |
New OCSP response verify option OCSP_TRUSTOTHER
|
| #
73758d43 |
| 19-Jan-2001 |
Dr. Stephen Henson |
Additional functionality in ocsp utility: print summary
of status info. Check nonce values. Option to disable
verify. Update usage message.
Rename status to string functions and make
Additional functionality in ocsp utility: print summary
of status info. Check nonce values. Option to disable
verify. Update usage message.
Rename status to string functions and make them global.
show more ...
|
| #
e8af92fc |
| 18-Jan-2001 |
Dr. Stephen Henson |
Implement remaining OCSP verify checks in
accordance with RFC2560.
|
| #
81f169e9 |
| 17-Jan-2001 |
Dr. Stephen Henson |
Initial OCSP certificate verify. Not complete,
it just supports a "trusted OCSP global root CA".
|
| #
9b4dc830 |
| 11-Jan-2001 |
Dr. Stephen Henson |
OCSP basic response verify. Very incomplete
but will verify the signatures on a response
and locate the signers certifcate.
Still needs to implement a proper OCSP certificate
ver
OCSP basic response verify. Very incomplete
but will verify the signatures on a response
and locate the signers certifcate.
Still needs to implement a proper OCSP certificate
verify.
Fix warning in RAND_egd().
show more ...
|
