| #
eaf577c8 |
| 04-Jul-2024 |
Dr. David von Oheimb |
extend X509_REQ_add_extensions_nid() and thuis APPS/req to support augmenting/overriding existing extensions
Fixes #11169
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed
extend X509_REQ_add_extensions_nid() and thuis APPS/req to support augmenting/overriding existing extensions
Fixes #11169
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)
show more ...
|
| #
81202237 |
| 09-Aug-2023 |
Stephan Wurm |
apps: ca,req,x509: Add explicit start and end dates options
- Added options `-not_before` (start date) and `-not-after` (end date)
for explicit setting of the validity period of a cert
apps: ca,req,x509: Add explicit start and end dates options
- Added options `-not_before` (start date) and `-not-after` (end date)
for explicit setting of the validity period of a certificate in the
apps `ca`, `req` and `x509`
- The new options accept time strings or "today"
- In app `ca`, use the new options as aliases of the already existing
options `-startdate` and `-enddate`
- When used in apps `req` and `x509`, the end date must be >= the start
date, in app `ca` end date < start date is also accepted
- In any case, `-not-after` overrides the `-days` option
- Added helper function `check_cert_time_string` to validate given
certificate time strings
- Use the new helper function in apps `ca`, `req` and `x509`
- Moved redundant code for time string checking into `set_cert_times`
helper function.
- Added tests for explicit start and end dates in apps `req` and `x509`
- test: Added auxiliary functions for parsing fields from `-text`
formatted output to `tconversion.pl`
- CHANGES: Added to new section 3.4
Signed-off-by: Stephan Wurm <atomisirsi@gsklan.de>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21716)
show more ...
|
| #
496bc128 |
| 29-Mar-2024 |
Matt Caswell |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 3764f200f9d44622faa8ac1b15d2f3eb7c39e473)
Reviewed-by: Hugo Lan
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 3764f200f9d44622faa8ac1b15d2f3eb7c39e473)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
| #
2410cb42 |
| 27-Feb-2024 |
Job Snijders |
Align 'openssl req' string_mask docs to how the software really works
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from htt
Align 'openssl req' string_mask docs to how the software really works
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23699)
show more ...
|
| #
15585af9 |
| 27-Mar-2024 |
Vladimir Kotal |
Document change of -verify behavior in crl and req apps
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/o
Document change of -verify behavior in crl and req apps
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23983)
show more ...
|
| #
6af739b7 |
| 07-Mar-2024 |
Vladimir Kotal |
apps/req,crl: exit with 1 on verification failure
Fixes #23771
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged
apps/req,crl: exit with 1 on verification failure
Fixes #23771
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23773)
show more ...
|
| #
aa3347ba |
| 16-Dec-2023 |
James Muir |
doc: fix "the a" typos (and other things nearby)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/op
doc: fix "the a" typos (and other things nearby)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/23068)
show more ...
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
c1673a60 |
| 02-Sep-2023 |
Philip Prindeville |
Per other commands, make progress dots in req only w/ -verbose
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Revi
Per other commands, make progress dots in req only w/ -verbose
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21937)
show more ...
|
| #
342e3652 |
| 24-Sep-2022 |
Dr. David von Oheimb |
APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by:
APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19271)
show more ...
|
| #
45ada6b9 |
| 05-Oct-2022 |
Richard Levitte |
Change all references to OpenSSL 3.1 to OpenSSL 3.2 in the master branch
3.1 has been decided to be a FIPS 140-3 release, springing from the branch
openssl-3.0, and the master branch to
Change all references to OpenSSL 3.1 to OpenSSL 3.2 in the master branch
3.1 has been decided to be a FIPS 140-3 release, springing from the branch
openssl-3.0, and the master branch to continue with the development of
OpenSSL 3.2.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19350)
show more ...
|
| #
200d8447 |
| 06-Jul-2021 |
Dr. David von Oheimb |
APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too
Also add related references to FR #15725.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too
Also add related references to FR #15725.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18900)
show more ...
|
| #
251e9412 |
| 20-Oct-2021 |
Dr. David von Oheimb |
APPS/req.c: Make -reqexts option an alias of -extensions option
This simplifies code, doc, and use.
Fixes issue ignoring one or the other.
Reviewed-by: Tomas Mraz <tomas@openssl
APPS/req.c: Make -reqexts option an alias of -extensions option
This simplifies code, doc, and use.
Fixes issue ignoring one or the other.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16865)
show more ...
|
| #
611ef4f3 |
| 27-Aug-2021 |
Dr. David von Oheimb |
APPS/{x509,req}: Fix description and diagnostics of -key, -in, etc. options
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16440)
|
| #
20b39175 |
| 26-Aug-2021 |
Rich Salz |
Yet another doc-nits fix
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged
Yet another doc-nits fix
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16436)
show more ...
|
| #
f2b6edcf |
| 25-Aug-2021 |
Dr. David von Oheimb |
APPS/req: Fix misconceptions on -CA, -CAkey, and -key options. -CA now implies -x509
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1642
APPS/req: Fix misconceptions on -CA, -CAkey, and -key options. -CA now implies -x509
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16420)
show more ...
|
| #
6b38d7dc |
| 02-Aug-2021 |
Dmitry Belyavskiy |
If we have passed the private key, don't copy it implicitly
Fixes #16197
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
If we have passed the private key, don't copy it implicitly
Fixes #16197
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16199)
show more ...
|
| #
8b893c35 |
| 26-May-2021 |
Dr. David von Oheimb |
APPS req: Extend the -keyout option to be respected also with -key
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.
APPS req: Extend the -keyout option to be respected also with -key
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13715)
show more ...
|
| #
54e8f725 |
| 26-May-2021 |
Dr. David von Oheimb |
DOC: Improve description of 'req' app: -new, -newkey, and -keyout options
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://
DOC: Improve description of 'req' app: -new, -newkey, and -keyout options
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13715)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17 |
|
| #
e53ad1d8 |
| 17-May-2021 |
Rich Salz |
Remove '=for openssl ifdef'
No longer needed after rewrite of cmd-nits
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Remove '=for openssl ifdef'
No longer needed after rewrite of cmd-nits
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15311)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha16 |
|
| #
bee3f389 |
| 03-May-2021 |
Tomas Mraz |
Document the behavior of the -inform and related options
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
|
|
Revision tags: openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
| #
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
|
|
Revision tags: openssl-3.0.0-alpha10 |
|
| #
04a1b3fa |
| 06-Jan-2021 |
Dr. David von Oheimb |
apps/req.c: Make sure -verify option takes effect also with -x509
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
|
| #
0ae8d4ca |
| 06-Jan-2021 |
Dr. David von Oheimb |
apps/req.c: Cosmetic improvements of code and documentation
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
|
| #
b65c5ec8 |
| 24-Dec-2020 |
Dr. David von Oheimb |
apps/req.c: Add -copy_extensions option for use with -x509; default: none
Fixes #13708
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/
apps/req.c: Add -copy_extensions option for use with -x509; default: none
Fixes #13708
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
show more ...
|
