|
Revision tags: OpenSSL_0_9_8m-beta1, OpenSSL_1_0_0-beta5 |
|
| #
fdb2c6e4 |
| 09-Dec-2009 |
Dr. Stephen Henson |
PR: 2124
Submitted by: Jan Pechanec <Jan.Pechanec@Sun.COM>
Check for memory allocation failures.
|
|
Revision tags: OpenSSL_1_0_0-beta4, OpenSSL_0_9_8l |
|
| #
a5b37fca |
| 18-Oct-2009 |
Dr. Stephen Henson |
Add "missing" function X509_STORE_set_verify_cb().
|
|
Revision tags: OpenSSL_1_0_0-beta3, OpenSSL_1_0_0-beta2, OpenSSL_1_0_0-beta1, OpenSSL_0_9_8k, OpenSSL_0_9_8j, OpenSSL_0_9_8i, OpenSSL_0_9_8h, OpenSSL_0_9_8g, OpenSSL_0_9_8f, FIPS_098_TEST_8, FIPS_098_TEST_7, FIPS_098_TEST_6, FIPS_098_TEST_5, FIPS_098_TEST_4, FIPS_098_TEST_3, FIPS_098_TEST_2, FIPS_098_TEST_1, OpenSSL_0_9_7m, OpenSSL_0_9_8e, OpenSSL_0_9_7l, OpenSSL_0_9_8d |
|
| #
019bfef8 |
| 26-Sep-2006 |
Dr. Stephen Henson |
Initialize new callbacks and make sure hent is always initialized.
|
| #
5d20c4fb |
| 17-Sep-2006 |
Dr. Stephen Henson |
Overhaul of by_dir code to handle dynamic loading of CRLs.
|
| #
016bc5ce |
| 11-Sep-2006 |
Dr. Stephen Henson |
Fixes for new CRL/cert callbacks. Update CRL processing code to use new
callbacks.
|
| #
4d50a2b4 |
| 10-Sep-2006 |
Dr. Stephen Henson |
Add verify callback functions to lookup a STACK of matching certs or CRLs
based on subject name.
New thread safe functions to retrieve matching STACK from X509_STORE.
Cache some
Add verify callback functions to lookup a STACK of matching certs or CRLs
based on subject name.
New thread safe functions to retrieve matching STACK from X509_STORE.
Cache some IDP components.
show more ...
|
|
Revision tags: OpenSSL_0_9_8c, OpenSSL_0_9_7k |
|
| #
f6e7d014 |
| 25-Jul-2006 |
Dr. Stephen Henson |
Support for multiple CRLs with same issuer name in X509_STORE. Modify
verify logic to try to use an unexpired CRL if possible.
|
|
Revision tags: OpenSSL_0_9_7j, OpenSSL_0_9_8b, OpenSSL_FIPS_1_0, OpenSSL_0_9_7i, OpenSSL_0_9_8a, OpenSSL_0_9_7h, OpenSSL_0_9_8, FIPS_TEST_10, OpenSSL_0_9_8-beta6, OpenSSL_0_9_8-beta5, FIPS_TEST_9, OpenSSL_0_9_8-beta4, OpenSSL_0_9_8-beta3, BEN_FIPS_TEST_8, OpenSSL_0_9_8-beta2, OpenSSL_0_9_8-beta1 |
|
| #
8afca8d9 |
| 11-May-2005 |
Bodo Möller |
Fix more error codes.
(Also improve util/ck_errf.pl script, and occasionally
fix source code formatting.)
|
|
Revision tags: OpenSSL_0_9_7g, OpenSSL_0_9_7f, BEN_FIPS_TEST_7, BEN_FIPS_TEST_6, OpenSSL_0_9_7e |
|
| #
5d7c222d |
| 06-Sep-2004 |
Dr. Stephen Henson |
New X509_VERIFY_PARAM structure and associated functionality.
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related co
New X509_VERIFY_PARAM structure and associated functionality.
This tidies up verify parameters and adds support for integrated policy
checking.
Add support for policy related command line options. Currently only in smime
application.
WARNING: experimental code subject to change.
show more ...
|
|
Revision tags: OpenSSL_0_9_7d, OpenSSL-engine-0_9_6m, OpenSSL_0_9_6m, LEVITTE_after_const, LEVITTE_before_const, BEN_FIPS_TEST_5, BEN_FIPS_TEST_4, OpenSSL-engine-0_9_6l, OpenSSL_0_9_6l, BEN_FIPS_TEST_3, BEN_FIPS_TEST_2, BEN_FIPS_TEST_1, OpenSSL-engine-0_9_6k, OpenSSL_0_9_6k, OpenSSL_0_9_7c, OpenSSL-engine-0_9_6j, OpenSSL_0_9_7b, OpenSSL_0_9_6j, OpenSSL-engine-0_9_6i, OpenSSL_0_9_6i, OpenSSL_0_9_7a, OpenSSL_0_9_7, OpenSSL_0_9_7-beta6, STATE_after_zlib, STATE_before_zlib, OpenSSL_0_9_7-beta5, OpenSSL-engine-0_9_6h, OpenSSL_0_9_6h, OpenSSL_0_9_7-beta4, OpenSSL-engine-0_9_6g, OpenSSL_0_9_6g, OpenSSL-engine-0_9_6f, OpenSSL_0_9_6f, OpenSSL_0_9_7-beta3, OpenSSL-engine-0_9_6e, OpenSSL_0_9_6e, OpenSSL_0_9_7-beta2, OpenSSL_0_9_7-beta1, AFTER_COMPAQ_PATCH, BEFORE_COMPAQ_PATCH, OpenSSL-engine-0_9_6d, OpenSSL_0_9_6d, OpenSSL-engine-0_9_6d-beta1, OpenSSL_0_9_6d-beta1, OpenSSL-engine-0_9_6c, OpenSSL_0_9_6c |
|
| #
79aa04ef |
| 01-Sep-2001 |
Geoff Thorpe |
Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actuall
Make the necessary changes to work with the recent "ex_data" overhaul.
See the commit log message for that for more information.
NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented
(initialisation by "memset" won't/can't/doesn't work). This fixes that but
requires that X509_STORE_CTX_init() be able to handle errors - so its
prototype has been changed to return 'int' rather than 'void'. All uses of
that function throughout the source code have been tracked down and
adjusted.
show more ...
|
|
Revision tags: OpenSSL-engine-0_9_6b, OpenSSL_0_9_6b |
|
| #
926a56bf |
| 10-May-2001 |
Dr. Stephen Henson |
Purpose and trust setting functions for X509_STORE.
Tidy existing code.
|
| #
bdee69f7 |
| 09-May-2001 |
Dr. Stephen Henson |
Allow various X509_STORE_CTX properties to be
inherited from X509_STORE.
Add CRL checking options to other applications.
|
|
Revision tags: OpenSSL_0_9_6a, OpenSSL-engine-0_9_6a, OpenSSL-engine-0_9_6a-beta3, OpenSSL_0_9_6a-beta3, OpenSSL-engine-0_9_6a-beta2, OpenSSL_0_9_6a-beta2, OpenSSL-engine-0_9_6a-beta1, OpenSSL_0_9_6a-beta1, rsaref, BEFORE_engine, OpenSSL_0_9_6-beta2, OpenSSL_0_9_6-beta1, OpenSSL_0_9_6, OpenSSL-engine-0_9_6, OpenSSL-engine-0_9_6-beta3, OpenSSL_0_9_6-beta3, OpenSSL-engine-0_9_6-beta2, OpenSSL-engine-0_9_6-beta1 |
|
| #
15387be2 |
| 06-Sep-2000 |
Bodo Möller |
Another superfluous pair of parentheses.
|
| #
f684090c |
| 06-Sep-2000 |
Bodo Möller |
Another round of indentation changes: Position braces consistently,
add some whitespace for 'if ()', 'for ()', 'while ()' to distinguish
keywords from function names, and finally remove paren
Another round of indentation changes: Position braces consistently,
add some whitespace for 'if ()', 'for ()', 'while ()' to distinguish
keywords from function names, and finally remove parens around return
values (why be stingy with whitespace but fill the source code
with an abundance of parentheses that are not needed to structure
expressions for readability?).
show more ...
|
| #
2f043896 |
| 05-Sep-2000 |
Dr. Stephen Henson |
*BIG* verify code reorganisation.
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.
The new code performs several tests
*BIG* verify code reorganisation.
The old code was painfully primitive and couldn't handle
distinct certificates using the same subject name.
The new code performs several tests on a candidate issuer
certificate based on certificate extensions.
It also adds several callbacks to X509_VERIFY_CTX so its
behaviour can be customised.
Unfortunately some hackery was needed to persuade X509_STORE
to tolerate this. This should go away when X509_STORE is
replaced, sometime...
This must have broken something though :-(
show more ...
|
| #
bbb8de09 |
| 04-Sep-2000 |
Bodo Möller |
Avoid abort() throughout the library, except when preprocessor
symbols for debugging are defined.
|
| #
26a3a48d |
| 01-Jun-2000 |
Richard Levitte |
There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other pac
There have been a number of complaints from a number of sources that names
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
show more ...
|
|
Revision tags: OpenSSL_0_9_5, OpenSSL_0_9_5a, OpenSSL_0_9_5a-beta2, OpenSSL_0_9_5a-beta1, OpenSSL_0_9_5beta2, OpenSSL_0_9_5beta1 |
|
| #
9d1a01be |
| 30-Jan-2000 |
Ulf Möller |
Source code cleanups: Use void * rather than char * in lhash,
eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
|
| #
dd9d233e |
| 23-Jan-2000 |
Dr. Stephen Henson |
Tidy up CRYPTO_EX_DATA structures.
|
| #
13938ace |
| 29-Nov-1999 |
Dr. Stephen Henson |
Add part of chain verify SSL support code: not complete or doing anything
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and
Add part of chain verify SSL support code: not complete or doing anything
yet.
Add a function X509_STORE_CTX_purpose_inherit() which implements the logic
of "inheriting" purpose and trust from a parent structure and using a default:
this will be used in the SSL code and possibly future S/MIME.
Partial documentation of the 'verify' utility. Still need to document how all
the extension checking works and the various error messages.
show more ...
|
| #
d4cec6a1 |
| 26-Nov-1999 |
Dr. Stephen Henson |
New options to the -verify program which can be used for chain verification.
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.
Still need so
New options to the -verify program which can be used for chain verification.
Extend the X509_PURPOSE structure to include shortnames for purposed and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
show more ...
|
| #
11262391 |
| 24-Nov-1999 |
Dr. Stephen Henson |
Initial chain verify code: not tested probably not working
at present. However nothing enables it yet so this doesn't
matter :-)
|
|
Revision tags: OpenSSL_0_9_4 |
|
| #
5c0a4865 |
| 02-Jun-1999 |
Ben Laurie |
stack
|
| #
7e258a56 |
| 30-May-1999 |
Ben Laurie |
Yet another stack.
|
|
Revision tags: OpenSSL_0_9_3a, OpenSSL_0_9_3, OpenSSL_0_9_3beta2, OpenSSL_0_9_3beta1 |
|
| #
303c0028 |
| 09-May-1999 |
Bodo Möller |
Use "const char *" instead of "char *" for filenames passed to functions.
Submitted by:
Reviewed by:
PR:
|
