| #
29fcd2e7 |
| 21-Jul-2022 |
Todd Short |
Add test from "Fix re-signing certificates with different key sizes"
Tests for #16080 and #18836
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@open
Add test from "Fix re-signing certificates with different key sizes"
Tests for #16080 and #18836
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18841)
show more ...
|
| #
55b7fa26 |
| 14-Jun-2022 |
Hartmut Holzgraefe |
Have set_dateopt() return 1 on success to make -dateopt work
Fixes #18553
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from
Have set_dateopt() return 1 on success to make -dateopt work
Fixes #18553
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18554)
(cherry picked from commit 67e1b558e67a3bee1f20f8a9e067211b440404f8)
show more ...
|
| #
53d0d01f |
| 25-Jun-2021 |
Matt Caswell |
Avoid some MinGW test failures
There were 4 classes of failure:
- line ending problems;
- unicode problems;
- file path munging problems; and
- a "hang" in test_cmp_http
Avoid some MinGW test failures
There were 4 classes of failure:
- line ending problems;
- unicode problems;
- file path munging problems; and
- a "hang" in test_cmp_http.
The unicode problems appear to be somewhere between wine or msys - they
don't actually appear to be a problem with the built binaries. We just skip
those tests for now.
Fixes #13558
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15939)
show more ...
|
| #
46399d9d |
| 16-Jun-2021 |
Richard Levitte |
UTF-8 not easily supported on VMS command line yet
Some tests are designed to test UTF-8 on the command line.
We simply disable those on VMS.
Reviewed-by: Paul Dale <pauli@opens
UTF-8 not easily supported on VMS command line yet
Some tests are designed to test UTF-8 on the command line.
We simply disable those on VMS.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)
show more ...
|
| #
237cb05d |
| 27-May-2021 |
Matt Caswell |
Just look for "Unable to load Public Key" if no SM2
The X509 test was looking for some specific errors when printing an SM2
X509 certificate when SM2 is disabled. In fact these errors ap
Just look for "Unable to load Public Key" if no SM2
The X509 test was looking for some specific errors when printing an SM2
X509 certificate when SM2 is disabled. In fact these errors appear in the
middle of the certificate printing which is quite odd. There is also a
separate error "Unable to load Public Key" which is more cleanly printed.
With the recent change to using provided keys in certs the old errors are
no longer output. However printing them in the middle of the cert is
probably not right anyway. So we just rely on the "Unable to load Public
Key" message.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15504)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
| #
d105a24c |
| 03-May-2021 |
Tomas Mraz |
Add some tests for -inform/keyform enforcement
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
|
|
Revision tags: openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
| #
2c8a740a |
| 02-Mar-2021 |
Tomas Mraz |
test/x509: Test for issuer being overwritten when printing.
The regression from commit 05458fd was fixed, but there is
no test for that regression. This adds it simply by having
a ce
test/x509: Test for issuer being overwritten when printing.
The regression from commit 05458fd was fixed, but there is
no test for that regression. This adds it simply by having
a certificate that we compare for -text output having
a different subject and issuer.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14353)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
| #
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
|
| #
05458fdb |
| 08-Jan-2021 |
Dr. David von Oheimb |
apps/x509.c: Make -x509toreq respect -clrext, -sigopt, and -extfile options
Also prevent copying SKID and AKID extension, which make no sense in CSRs
and extend the use -ext to select wi
apps/x509.c: Make -x509toreq respect -clrext, -sigopt, and -extfile options
Also prevent copying SKID and AKID extension, which make no sense in CSRs
and extend the use -ext to select with extensions are copied.
Further simplifiy the overall structure of the code.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha10 |
|
| #
49b36afb |
| 10-Dec-2020 |
Dr. David von Oheimb |
25-test_x509.t: Make test case w.r.t. self-issued cert run also without EC enabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711)
|
| #
abc4439c |
| 10-Dec-2020 |
Dr. David von Oheimb |
25-test_x509.t: Minor update: factor out path for test input files
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711)
|
| #
8cadc517 |
| 10-Dec-2020 |
Dr. David von Oheimb |
25-test_x509.t: Minor update: do not anymore unlink test output files
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13711)
|
| #
f0a057dd |
| 19-Dec-2020 |
Dr. David von Oheimb |
Add tests for (non-)default SKID and AKID inclusion by apps/{req,x509,ca}.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
|
|
Revision tags: OpenSSL_1_1_1i |
|
| #
1a683b80 |
| 07-Dec-2020 |
Dr. David von Oheimb |
apps/{ca,req,x509}.c: Improve diag and doc mostly on X.509 extensions, fix multiple instances
This includes a general correction in the code (now using the X509V3_CTX_REPLACE flag)
and a
apps/{ca,req,x509}.c: Improve diag and doc mostly on X.509 extensions, fix multiple instances
This includes a general correction in the code (now using the X509V3_CTX_REPLACE flag)
and adding a prominent clarification in the documentation:
If multiple entries are processed for the same extension name,
later entries override earlier ones with the same name.
This is due to an RFC 5280 requirement - the intro of its section 4.2 says:
A certificate MUST NOT include more than one instance of a particular extension.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha9 |
|
| #
f7626d0b |
| 09-Nov-2020 |
Dr. David von Oheimb |
25-test_x509.t: Re-add and improve a test on non-existence of ASN.1 parse errors
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13353)
|
|
Revision tags: openssl-3.0.0-alpha8 |
|
| #
8016faf1 |
| 04-Nov-2020 |
Shane Lontis |
Remove test that breaks on AIX.
The offending test checks that fopen("anydir/") fails. This looks fairly platform
specific. For the test involved this creates a file called
"anydir"
Remove test that breaks on AIX.
The offending test checks that fopen("anydir/") fails. This looks fairly platform
specific. For the test involved this creates a file called
"anydir" on an AIX test machine.
This change was introduced on (Sept 24)
https://github.com/openssl/openssl/commit/29844ea5b3d2b7240d99b043a0d82cb177f0762d
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13309)
show more ...
|
| #
b40498c6 |
| 15-Oct-2020 |
Richard Levitte |
TEST: modify tconversion.pl for forensics
In the interest of finding out what went wrong with a test by looking
at its output, tconversion.pl is modified to take arguments in option
TEST: modify tconversion.pl for forensics
In the interest of finding out what went wrong with a test by looking
at its output, tconversion.pl is modified to take arguments in option
form, and gets an additional -prefix option that callers can use to
ensure output files are uniquely named.
Test recipes are modified to use these new options.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13147)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha7 |
|
| #
9032c2c1 |
| 28-Sep-2020 |
Dr. David von Oheimb |
25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/130
25-test_x509.t: Add test for suitable error report loading unsupported sm2 cert
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13023)
show more ...
|
|
Revision tags: OpenSSL_1_1_1h |
|
| #
29844ea5 |
| 16-Sep-2020 |
Dr. David von Oheimb |
Prune low-level ASN.1 parse errors from error queue in decoder_process()
Fixes #12840
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@ope
Prune low-level ASN.1 parse errors from error queue in decoder_process()
Fixes #12840
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12893)
show more ...
|
| #
2a33470b |
| 16-Aug-2020 |
Dr. David von Oheimb |
Make better use of new load_cert_pass() variant of load_cert() in apps/
allows loading password-protected PKCS#12 files in x509, ca, s_client, s_server
Reviewed-by: Richard Levitte
Make better use of new load_cert_pass() variant of load_cert() in apps/
allows loading password-protected PKCS#12 files in x509, ca, s_client, s_server
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12647)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
| #
4acd484d |
| 23-Dec-2019 |
Dr. David von Oheimb |
Make x509 -force_pubkey test case with self-issued cert more realistic
by adding CA basic constraints, CA key usage, and key IDs to the cert
and by add -partial_chain to the verify call that
Make x509 -force_pubkey test case with self-issued cert more realistic
by adding CA basic constraints, CA key usage, and key IDs to the cert
and by add -partial_chain to the verify call that trusts this cert
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
show more ...
|
| #
47f387e9 |
| 21-Apr-2020 |
Dirk-Willem van Gulik |
Add support for unusal 'othername' subjectAltNames
Increasingly certificates seem to have special things in the subjectAltName that have arbitrary strings in them.
E.g. some (now) c
Add support for unusal 'othername' subjectAltNames
Increasingly certificates seem to have special things in the subjectAltName that have arbitrary strings in them.
E.g. some (now) common in EU export certificates and, for a few years now, certificates issued to medical doctors (in for example the netherlands, the full spec is https://www.uziregister.nl/Media/Default/PDF/20200325%20CA%20model%20pasmodel%20certificaatprofielen%20v10_0.pdf, section 4.8, page 16 for an example of one country).
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11599)
show more ...
|
| #
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
|
| #
42f7a489 |
| 12-Feb-2020 |
Richard Levitte |
TEST: Modify test/recipes/25-test_x509.t to leave artifacts behind
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
|
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
| #
1f019cd0 |
| 26-Mar-2019 |
Matt Caswell |
Fix no-ec
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8588)
|
