#
81202237 |
| 09-Aug-2023 |
Stephan Wurm |
apps: ca,req,x509: Add explicit start and end dates options - Added options `-not_before` (start date) and `-not-after` (end date) for explicit setting of the validity period of a cert
apps: ca,req,x509: Add explicit start and end dates options - Added options `-not_before` (start date) and `-not-after` (end date) for explicit setting of the validity period of a certificate in the apps `ca`, `req` and `x509` - The new options accept time strings or "today" - In app `ca`, use the new options as aliases of the already existing options `-startdate` and `-enddate` - When used in apps `req` and `x509`, the end date must be >= the start date, in app `ca` end date < start date is also accepted - In any case, `-not-after` overrides the `-days` option - Added helper function `check_cert_time_string` to validate given certificate time strings - Use the new helper function in apps `ca`, `req` and `x509` - Moved redundant code for time string checking into `set_cert_times` helper function. - Added tests for explicit start and end dates in apps `req` and `x509` - test: Added auxiliary functions for parsing fields from `-text` formatted output to `tconversion.pl` - CHANGES: Added to new section 3.4 Signed-off-by: Stephan Wurm <atomisirsi@gsklan.de> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21716)
show more ...
|
#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Lan
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
#
4e5bf933 |
| 10-Jan-2024 |
Job Snijders |
Add apps/x509 -set_issuer & -set_subject option to override issuer & subject This changeset adds the counterpart to the '-subj' option to allow overriding the Issuer. For consistency, th
Add apps/x509 -set_issuer & -set_subject option to override issuer & subject This changeset adds the counterpart to the '-subj' option to allow overriding the Issuer. For consistency, the `-subj` option is aliased to `-set_subject`. The issuer can be specified as following apps/openssl x509 -new -set_issuer '/CN=example-nro-ta' -subj '/CN=2a7dd1d787d793e4c8af56e197d4eed92af6ba13' ... This is useful in constructing specific test-cases or rechaining PKI trees Joint work with George Michaelson (@geeohgeegeeoh) Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23257)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
a024ab98 |
| 16-Jul-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
Fix typos found by codespell Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from ht
Fix typos found by codespell Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21467)
show more ...
|
#
0e89b396 |
| 26-Aug-2022 |
Dr. David von Oheimb |
apps/x509 etc.: allow private key input when public key is expected Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David
apps/x509 etc.: allow private key input when public key is expected Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19076)
show more ...
|
#
342e3652 |
| 24-Sep-2022 |
Dr. David von Oheimb |
APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by:
APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19271)
show more ...
|
#
0b7ad5d9 |
| 23-Nov-2022 |
Jan |
Fix typo in openssl-x509.pod.in CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/o
Fix typo in openssl-x509.pod.in CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19746)
show more ...
|
#
200d8447 |
| 06-Jul-2021 |
Dr. David von Oheimb |
APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too Also add related references to FR #15725. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
APPS: Move load_csr_autofmt() from apps/cmp.c to apps.c and use it also for apps, too Also add related references to FR #15725. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18900)
show more ...
|
#
7a16f179 |
| 14-Jul-2022 |
Dr. David von Oheimb |
apps/x509: Improve doc fix for -CAserial anc -CAcreateserial This follows up on https://github.com/openssl/openssl/pull/18373 Reviewed-by: Hugo Landau <hlandau@openssl.org> Revi
apps/x509: Improve doc fix for -CAserial anc -CAcreateserial This follows up on https://github.com/openssl/openssl/pull/18373 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18804)
show more ...
|
#
aa73b7d3 |
| 31-May-2022 |
Dr. David von Oheimb |
openssl-x509.pod.in: fix description of certificate serial number storage Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Lan
openssl-x509.pod.in: fix description of certificate serial number storage Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18373)
show more ...
|
#
ec8a3409 |
| 30-May-2022 |
Dr. David von Oheimb |
APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial. Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c. Reviewed-by:
APPS/x509: With -CA but both -CAserial and -CAcreateserial not given, use random serial. Also improve openssl-x509.pod.in and error handling of load_serial() in apps.c. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18373)
show more ...
|
#
cc0d1b03 |
| 25-Aug-2021 |
Dr. David von Oheimb |
openssl-x509.pod.in: Reflect better that -signkey is an alias for -key option Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16440)
|
#
611ef4f3 |
| 27-Aug-2021 |
Dr. David von Oheimb |
APPS/{x509,req}: Fix description and diagnostics of -key, -in, etc. options Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16440)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j |
|
#
4acda863 |
| 16-Feb-2021 |
Dr. David von Oheimb |
DOC: Clarify the role of EKUs including defaults for TLS client and server use Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14199)
|
#
8c5bff22 |
| 01-Mar-2021 |
William Edmisten |
Add support for ISO 8601 datetime format Fixes #5430 Added the configuration file option "date_opt" to the openssl applications ca, crl and x509. Added ASN1_TIME_print_ex wh
Add support for ISO 8601 datetime format Fixes #5430 Added the configuration file option "date_opt" to the openssl applications ca, crl and x509. Added ASN1_TIME_print_ex which supports the new datetime format using the flag ASN1_DTFLGS_ISO8601 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14384)
show more ...
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
f9ac6f69 |
| 23-Dec-2020 |
Dr. David von Oheimb |
Improve the documentation of cert path building and validation Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13735)
|
#
e53ad1d8 |
| 17-May-2021 |
Rich Salz |
Remove '=for openssl ifdef' No longer needed after rewrite of cmd-nits Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org>
Remove '=for openssl ifdef' No longer needed after rewrite of cmd-nits Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15311)
show more ...
|
#
bee3f389 |
| 03-May-2021 |
Tomas Mraz |
Document the behavior of the -inform and related options Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15100)
|
#
9293046f |
| 06-Jan-2021 |
Dr. David von Oheimb |
apps/x509.c: Rename -signkey to -key for consistency with the req app Also because this better reflects that usually also the public portion is used. Retaining the old -signkey as an ali
apps/x509.c: Rename -signkey to -key for consistency with the req app Also because this better reflects that usually also the public portion is used. Retaining the old -signkey as an alias for backward compatibility. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14007)
show more ...
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
#
05458fdb |
| 08-Jan-2021 |
Dr. David von Oheimb |
apps/x509.c: Make -x509toreq respect -clrext, -sigopt, and -extfile options Also prevent copying SKID and AKID extension, which make no sense in CSRs and extend the use -ext to select wi
apps/x509.c: Make -x509toreq respect -clrext, -sigopt, and -extfile options Also prevent copying SKID and AKID extension, which make no sense in CSRs and extend the use -ext to select with extensions are copied. Further simplifiy the overall structure of the code. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13711)
show more ...
|
#
b9fbacaa |
| 06-Jan-2021 |
Dr. David von Oheimb |
apps/x509.c: Add -copy_extensions option, used when transforming x509 <-> req Fixes #3638 Fixes #6481 Fixes #10458 Partly fixes #13708 Supersedes #9449 Reviewed-by:
apps/x509.c: Add -copy_extensions option, used when transforming x509 <-> req Fixes #3638 Fixes #6481 Fixes #10458 Partly fixes #13708 Supersedes #9449 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13711)
show more ...
|
#
b24cfd6b |
| 19-Dec-2020 |
Dr. David von Oheimb |
apps/x509.c: Major code, user guidance, and documentation cleanup This brings the options in help output and doc in reasonable order and fixes various corner cases of option use combinat
apps/x509.c: Major code, user guidance, and documentation cleanup This brings the options in help output and doc in reasonable order and fixes various corner cases of option use combinations Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13711)
show more ...
|
#
7c5237e1 |
| 10-Dec-2020 |
Dr. David von Oheimb |
apps/x509.c: Take the -signkey arg as default pubkey with -new Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13711)
|