|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16 |
|
| #
c0452248 |
| 20-Apr-2017 |
Rich Salz |
Ignore dups in X509_STORE_add_*
X509_STORE_add_cert and X509_STORE_add_crl are changed to return
success if the object to be added was already found in the store, rather
than returni
Ignore dups in X509_STORE_add_*
X509_STORE_add_cert and X509_STORE_add_crl are changed to return
success if the object to be added was already found in the store, rather
than returning an error.
Raise errors if empty or malformed files are read when loading certificates
and CRLs.
Remove NULL checks and allow a segv to occur.
Add error handing for all calls to X509_STORE_add_c{ert|tl}
Refactor these two routines into one.
Bring the unit test for duplicate certificates up to date using the test
framework.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2830)
show more ...
|
| #
b6ef12c4 |
| 21-Mar-2017 |
David Benjamin |
Remove duplicate X509_OBJECT free function.
These two functions do the same thing.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org
Remove duplicate X509_OBJECT free function.
These two functions do the same thing.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3001)
show more ...
|
|
Revision tags: OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a |
|
| #
2f545ae4 |
| 27-Aug-2016 |
Kurt Roeckx |
Add support for reference counting using C11 atomics
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1500
|
| #
f3b3d7f0 |
| 30-Aug-2016 |
Rich Salz |
Add -Wswitch-enum
Change code so when switching on an enumeration, have case's for all
enumeration values.
Reviewed-by: Andy Polyakov <appro@openssl.org>
|
|
Revision tags: OpenSSL_1_1_0, OpenSSL_1_1_0-pre6 |
|
| #
cfc5e0aa |
| 31-Jul-2016 |
FdaSilvaYY |
Constify inputs of two X509_LOOKUP_METHOD methods
... get_by_fingerprint() and get_by_alias()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@op
Constify inputs of two X509_LOOKUP_METHOD methods
... get_by_fingerprint() and get_by_alias()
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
ba1a1c37 |
| 25-Jul-2016 |
Dr. Stephen Henson |
Deprecate X509_LU_FAIL, X509_LU_RETRY
Instead of X509_LU_FAIL, X509_LU_RETRY use 0/1 for return values.
RT#4577
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
0946a198 |
| 25-Jul-2016 |
Dr. Stephen Henson |
Use X509_LOOKUP_TYPE for lookup type consistently.
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
fc9d1ef3 |
| 25-Jul-2016 |
Dr. Stephen Henson |
Remove current_method from X509_STORE_CTX
Remove current_method: it was intended as a means of retrying
lookups bit it was never used. Now that X509_verify_cert() is
a "one shot" ope
Remove current_method from X509_STORE_CTX
Remove current_method: it was intended as a means of retrying
lookups bit it was never used. Now that X509_verify_cert() is
a "one shot" operation it can never work as intended.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
3067095e |
| 07-Jul-2016 |
Richard Levitte |
Add X509_STORE lock and unlock functions
Since there are a number of function pointers in X509_STORE that might
lead to user code, it makes sense for them to be able to lock the
stor
Add X509_STORE lock and unlock functions
Since there are a number of function pointers in X509_STORE that might
lead to user code, it makes sense for them to be able to lock the
store while they do their work.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
0a5fe2eb |
| 20-Jul-2016 |
Richard Levitte |
Add setter and getter for X509_STORE's check_policy
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
| #
1060a50b |
| 07-Jul-2016 |
Richard Levitte |
Add getters / setters for the X509_STORE_CTX and X509_STORE functions
We only add setters for X509_STORE function pointers except for the
verify callback function. The thought is that t
Add getters / setters for the X509_STORE_CTX and X509_STORE functions
We only add setters for X509_STORE function pointers except for the
verify callback function. The thought is that the function pointers
in X509_STORE_CTX are a cache for the X509_STORE functions.
Therefore, it's preferable if the user makes the changes in X509_STORE
before X509_STORE_CTX_init is called, and otherwise use the verify
callback to override any results from OpenSSL's internal
calculations.
Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
| #
68efafc5 |
| 27-Jun-2016 |
FdaSilvaYY |
Add checks on sk_TYPE_push() returned value
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Revision tags: OpenSSL-fips-2_0_13 |
|
| #
7d7da288 |
| 14-May-2016 |
FdaSilvaYY |
Constify X509_OBJECT_get_type & X509_OBJECT_get0_X509
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.o
Constify X509_OBJECT_get_type & X509_OBJECT_get0_X509
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1074)
show more ...
|
| #
6ddbb4cd |
| 17-May-2016 |
Rich Salz |
X509_STORE_CTX accessors.
Add some functions that were missing when a number of X509
objects became opaque (thanks, Roumen!)
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
| #
b1322259 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 09/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4 |
|
| #
c5ebfcab |
| 07-Mar-2016 |
FdaSilvaYY |
Unify <TYPE>_up_ref methods signature and behaviour.
Add a status return value instead of void.
Add some sanity checks on reference counter value.
Update the docs.
Reviewed-
Unify <TYPE>_up_ref methods signature and behaviour.
Add a status return value instead of void.
Add some sanity checks on reference counter value.
Update the docs.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
| #
7cafbb4b |
| 29-Apr-2016 |
Matt Caswell |
Fix some X509_STORE macros
Some X509_STORE macros do not work since the type was made opaque.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
| #
f0c58c32 |
| 19-Apr-2016 |
Christian Heimes |
Add getters for X509_STORE and X509_OBJECT members
OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl
module requires access to some of the struct members. Three ne
Add getters for X509_STORE and X509_OBJECT members
OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl
module requires access to some of the struct members. Three new getters
are added:
int X509_OBJECT_get_type(X509_OBJECT *a);
STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
3aec886e |
| 19-Apr-2016 |
Kazuki Yamaguchi |
GH975 Add ex_data functions for X509_STORE
Add X509_STORE_{set,get}_ex_data() function and
X509_STORE_get_ex_new_index() macro.
X509_STORE has ex_data and the documentation also
GH975 Add ex_data functions for X509_STORE
Add X509_STORE_{set,get}_ex_data() function and
X509_STORE_get_ex_new_index() macro.
X509_STORE has ex_data and the documentation also mentions them but they
are not actually implemented.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
| #
f0e0fd51 |
| 15-Apr-2016 |
Rich Salz |
Make many X509_xxx types opaque.
Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX
Reviewed-by: Rich
Make many X509_xxx types opaque.
Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP,
and X509_LOOKUP_METHOD opaque.
Remove unused X509_CERT_FILE_CTX
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_0_1s, OpenSSL_1_0_2g |
|
| #
70dd3c65 |
| 27-Feb-2016 |
Viktor Dukhovni |
Tidy up x509_vfy callback handling
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
| #
c001ce33 |
| 01-Mar-2016 |
Alessandro Ghedini |
Convert CRYPTO_LOCK_X509_* to new multi-threading API
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
|
Revision tags: OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12 |
|
| #
f3f1cf84 |
| 30-Jan-2016 |
Rich Salz |
Move to REF_DEBUG, for consistency.
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT
This is also RT 4181
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Revision tags: OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2 |
|
| #
34980760 |
| 18-Dec-2015 |
Rich Salz |
Remove /* foo.c */ comments
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1
Remove /* foo.c */ comments
This was done by the following
find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
print unless $. == 1 && m@/\* .*\.[ch] \*/@;
close ARGV if eof; # Close file to reset $.
And then some hand-editing of other files.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
| #
da950fd3 |
| 28-Oct-2015 |
Alessandro Ghedini |
Remove useless locking code
Follow-up to 070c233.
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@akamai.com>
GH: #454
|
