Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16 |
|
#
c0452248 |
| 20-Apr-2017 |
Rich Salz |
Ignore dups in X509_STORE_add_* X509_STORE_add_cert and X509_STORE_add_crl are changed to return success if the object to be added was already found in the store, rather than returni
Ignore dups in X509_STORE_add_* X509_STORE_add_cert and X509_STORE_add_crl are changed to return success if the object to be added was already found in the store, rather than returning an error. Raise errors if empty or malformed files are read when loading certificates and CRLs. Remove NULL checks and allow a segv to occur. Add error handing for all calls to X509_STORE_add_c{ert|tl} Refactor these two routines into one. Bring the unit test for duplicate certificates up to date using the test framework. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2830)
show more ...
|
#
b6ef12c4 |
| 21-Mar-2017 |
David Benjamin |
Remove duplicate X509_OBJECT free function. These two functions do the same thing. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org
Remove duplicate X509_OBJECT free function. These two functions do the same thing. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3001)
show more ...
|
Revision tags: OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15, OpenSSL-fips-2_0_14, OpenSSL_1_1_0c, OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a |
|
#
2f545ae4 |
| 27-Aug-2016 |
Kurt Roeckx |
Add support for reference counting using C11 atomics Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1500
|
#
f3b3d7f0 |
| 30-Aug-2016 |
Rich Salz |
Add -Wswitch-enum Change code so when switching on an enumeration, have case's for all enumeration values. Reviewed-by: Andy Polyakov <appro@openssl.org>
|
Revision tags: OpenSSL_1_1_0, OpenSSL_1_1_0-pre6 |
|
#
cfc5e0aa |
| 31-Jul-2016 |
FdaSilvaYY |
Constify inputs of two X509_LOOKUP_METHOD methods ... get_by_fingerprint() and get_by_alias() Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@op
Constify inputs of two X509_LOOKUP_METHOD methods ... get_by_fingerprint() and get_by_alias() Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
ba1a1c37 |
| 25-Jul-2016 |
Dr. Stephen Henson |
Deprecate X509_LU_FAIL, X509_LU_RETRY Instead of X509_LU_FAIL, X509_LU_RETRY use 0/1 for return values. RT#4577 Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
0946a198 |
| 25-Jul-2016 |
Dr. Stephen Henson |
Use X509_LOOKUP_TYPE for lookup type consistently. Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
fc9d1ef3 |
| 25-Jul-2016 |
Dr. Stephen Henson |
Remove current_method from X509_STORE_CTX Remove current_method: it was intended as a means of retrying lookups bit it was never used. Now that X509_verify_cert() is a "one shot" ope
Remove current_method from X509_STORE_CTX Remove current_method: it was intended as a means of retrying lookups bit it was never used. Now that X509_verify_cert() is a "one shot" operation it can never work as intended. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
#
3067095e |
| 07-Jul-2016 |
Richard Levitte |
Add X509_STORE lock and unlock functions Since there are a number of function pointers in X509_STORE that might lead to user code, it makes sense for them to be able to lock the stor
Add X509_STORE lock and unlock functions Since there are a number of function pointers in X509_STORE that might lead to user code, it makes sense for them to be able to lock the store while they do their work. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
#
0a5fe2eb |
| 20-Jul-2016 |
Richard Levitte |
Add setter and getter for X509_STORE's check_policy Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
1060a50b |
| 07-Jul-2016 |
Richard Levitte |
Add getters / setters for the X509_STORE_CTX and X509_STORE functions We only add setters for X509_STORE function pointers except for the verify callback function. The thought is that t
Add getters / setters for the X509_STORE_CTX and X509_STORE functions We only add setters for X509_STORE function pointers except for the verify callback function. The thought is that the function pointers in X509_STORE_CTX are a cache for the X509_STORE functions. Therefore, it's preferable if the user makes the changes in X509_STORE before X509_STORE_CTX_init is called, and otherwise use the verify callback to override any results from OpenSSL's internal calculations. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
#
68efafc5 |
| 27-Jun-2016 |
FdaSilvaYY |
Add checks on sk_TYPE_push() returned value Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
Revision tags: OpenSSL-fips-2_0_13 |
|
#
7d7da288 |
| 14-May-2016 |
FdaSilvaYY |
Constify X509_OBJECT_get_type & X509_OBJECT_get0_X509 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.o
Constify X509_OBJECT_get_type & X509_OBJECT_get0_X509 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1074)
show more ...
|
#
6ddbb4cd |
| 17-May-2016 |
Rich Salz |
X509_STORE_CTX accessors. Add some functions that were missing when a number of X509 objects became opaque (thanks, Roumen!) Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
b1322259 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 09/10 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4 |
|
#
c5ebfcab |
| 07-Mar-2016 |
FdaSilvaYY |
Unify <TYPE>_up_ref methods signature and behaviour. Add a status return value instead of void. Add some sanity checks on reference counter value. Update the docs. Reviewed-
Unify <TYPE>_up_ref methods signature and behaviour. Add a status return value instead of void. Add some sanity checks on reference counter value. Update the docs. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
show more ...
|
#
7cafbb4b |
| 29-Apr-2016 |
Matt Caswell |
Fix some X509_STORE macros Some X509_STORE macros do not work since the type was made opaque. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
|
#
f0c58c32 |
| 19-Apr-2016 |
Christian Heimes |
Add getters for X509_STORE and X509_OBJECT members OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl module requires access to some of the struct members. Three ne
Add getters for X509_STORE and X509_OBJECT members OpenSSL 1.1.0-pre5 has made some additional structs opaque. Python's ssl module requires access to some of the struct members. Three new getters are added: int X509_OBJECT_get_type(X509_OBJECT *a); STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
3aec886e |
| 19-Apr-2016 |
Kazuki Yamaguchi |
GH975 Add ex_data functions for X509_STORE Add X509_STORE_{set,get}_ex_data() function and X509_STORE_get_ex_new_index() macro. X509_STORE has ex_data and the documentation also
GH975 Add ex_data functions for X509_STORE Add X509_STORE_{set,get}_ex_data() function and X509_STORE_get_ex_new_index() macro. X509_STORE has ex_data and the documentation also mentions them but they are not actually implemented. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
#
f0e0fd51 |
| 15-Apr-2016 |
Rich Salz |
Make many X509_xxx types opaque. Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD opaque. Remove unused X509_CERT_FILE_CTX Reviewed-by: Rich
Make many X509_xxx types opaque. Make X509_OBJECT, X509_STORE_CTX, X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD opaque. Remove unused X509_CERT_FILE_CTX Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_1s, OpenSSL_1_0_2g |
|
#
70dd3c65 |
| 27-Feb-2016 |
Viktor Dukhovni |
Tidy up x509_vfy callback handling Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
|
#
c001ce33 |
| 01-Mar-2016 |
Alessandro Ghedini |
Convert CRYPTO_LOCK_X509_* to new multi-threading API Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
|
Revision tags: OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12 |
|
#
f3f1cf84 |
| 30-Jan-2016 |
Rich Salz |
Move to REF_DEBUG, for consistency. Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT This is also RT 4181 Reviewed-by: Richard Levitte <levitte@openssl.org>
|
Revision tags: OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2 |
|
#
34980760 |
| 18-Dec-2015 |
Rich Salz |
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
#
da950fd3 |
| 28-Oct-2015 |
Alessandro Ghedini |
Remove useless locking code Follow-up to 070c233. Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@akamai.com> GH: #454
|