Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Show errors on CSR verification failure. | Dr. Stephen Henson | 2014-06-29 | 1 | -0/+2 |
| | | | | | | | | If CSR verify fails in ca utility print out error messages. Otherwise some errors give misleading output: for example if the key size exceeds the library limit. PR#2875 | ||||
* | Memory leak and NULL dereference fixes. | Dr. Stephen Henson | 2014-06-27 | 1 | -0/+3 |
| | | | | PR#3403 | ||||
* | misspellings fixes by https://github.com/vlajos/misspell_fixer | Veres Lajos | 2013-09-05 | 1 | -3/+3 |
| | |||||
* | fix printout of expiry days if -enddate is used in ca | Dr. Stephen Henson | 2012-11-20 | 1 | -1/+7 |
| | |||||
* | New -valid option to add a certificate to the ca index.txt that is valid and ↵ | Dr. Stephen Henson | 2012-09-09 | 1 | -1/+18 |
| | | | | not revoked | ||||
* | Sanitize usage of <ctype.h> functions. It's important that characters | Andy Polyakov | 2012-01-12 | 1 | -1/+1 |
| | | | | | are passed zero-extended, not sign-extended. PR: 2682 | ||||
* | free up sigopts STACK | Dr. Stephen Henson | 2010-03-14 | 1 | -0/+2 |
| | |||||
* | clear bogus errors in ca utility | Dr. Stephen Henson | 2010-03-14 | 1 | -0/+1 |
| | |||||
* | add -sigopt option to ca utility | Dr. Stephen Henson | 2010-03-14 | 1 | -20/+42 |
| | |||||
* | Replace the broken SPKAC certification with the correct version. | Dr. Stephen Henson | 2009-12-02 | 1 | -34/+2 |
| | |||||
* | Fix warnings about ignoring fgets return value | Dr. Stephen Henson | 2009-10-04 | 1 | -2/+12 |
| | |||||
* | PR: 2013 | Dr. Stephen Henson | 2009-09-02 | 1 | -1/+6 |
| | | | | | | | | | | | | Submitted by: steve@openssl.org Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created. This makes it possible to tell if the underlying type is UTCTime, GeneralizedTime or Time when the structure is reused and X509_time_adj_ex() can handle each case in an appropriate manner. Add error checking to CRL generation in ca utility when nextUpdate is being set. | ||||
* | Update from 1.0.0-stable | Dr. Stephen Henson | 2009-07-27 | 1 | -11/+11 |
| | |||||
* | PR: 1854 | Dr. Stephen Henson | 2009-03-09 | 1 | -13/+8 |
| | | | | | | | Submitted by: Oliver Martin <oliver@volatilevoid.net> Reviewed by: steve@openssl.org Support GeneralizedTime in ca utility. | ||||
* | Incidentally http://cvs.openssl.org/chngview?cn=17710 also made it possible | Andy Polyakov | 2008-12-22 | 1 | -0/+4 |
| | | | | | | to build the library without -D_CRT_NONSTDC_NO_DEPRECATE. This commit expands it even to apps catalog and actually omits the macro in question from Configure. | ||||
* | Experimental new date handling routines. These fix issues with X509_time_adj() | Dr. Stephen Henson | 2008-10-07 | 1 | -2/+2 |
| | | | | and should avoid any OS date limitations such as the year 2038 bug. | ||||
* | More type-checking. | Ben Laurie | 2008-06-04 | 1 | -10/+13 |
| | |||||
* | Avoid case in ca.c fix. | Dr. Stephen Henson | 2008-06-02 | 1 | -1/+1 |
| | |||||
* | Revert, doesn't fix warning :-( | Dr. Stephen Henson | 2008-06-02 | 1 | -4/+1 |
| | |||||
* | Avoid cast with wrapper function. | Dr. Stephen Henson | 2008-06-02 | 1 | -1/+4 |
| | |||||
* | Stop const mismatch warning. | Dr. Stephen Henson | 2008-05-31 | 1 | -1/+1 |
| | |||||
* | LHASH revamp. make depend. | Ben Laurie | 2008-05-26 | 1 | -4/+8 |
| | |||||
* | Fix some warnings. | Dr. Stephen Henson | 2008-03-16 | 1 | -2/+2 |
| | |||||
* | Return an error if the serial number is badly formed. (Coverity ID 116). | Ben Laurie | 2007-04-04 | 1 | -0/+2 |
| | |||||
* | Add RFC 3779 support. | Ben Laurie | 2006-11-27 | 1 | -0/+1 |
| | |||||
* | Support for multiple CRLs with same issuer name in X509_STORE. Modify | Dr. Stephen Henson | 2006-07-25 | 1 | -3/+16 |
| | | | | verify logic to try to use an unexpired CRL if possible. | ||||
* | Add support for default public key digest type ctrl. | Dr. Stephen Henson | 2006-05-07 | 1 | -25/+11 |
| | |||||
* | Remove link between digests and signature algorithms. | Dr. Stephen Henson | 2006-04-19 | 1 | -0/+2 |
| | | | | | Use cross reference table in ASN1_item_sign(), ASN1_item_verify() to eliminate the need for algorithm specific code. | ||||
* | Eliminate dependency on read/write/stat in apps under _WIN32. | Andy Polyakov | 2005-11-04 | 1 | -11/+1 |
| | |||||
* | successfully updating the db shouldn't result in an error message | Nils Larsch | 2005-09-30 | 1 | -1/+0 |
| | |||||
* | Update from stable branch. | Dr. Stephen Henson | 2005-07-04 | 1 | -16/+40 |
| | |||||
* | const fixes | Nils Larsch | 2005-04-15 | 1 | -5/+5 |
| | |||||
* | some const fixes | Nils Larsch | 2005-04-05 | 1 | -11/+13 |
| | |||||
* | Use the default_md config file value when signing CRLs. | Dr. Stephen Henson | 2004-11-11 | 1 | -29/+18 |
| | | | | PR:662 | ||||
* | Call setup_engine after autoconfig. | Dr. Stephen Henson | 2004-08-06 | 1 | -4/+4 |
| | |||||
* | Reduce chances of issuer and serial number duplication by use of random | Dr. Stephen Henson | 2004-04-20 | 1 | -1/+4 |
| | | | | | | initial serial numbers. PR: 842 | ||||
* | Clear error if unique_subject lookup fails. | Dr. Stephen Henson | 2004-04-15 | 1 | -1/+3 |
| | |||||
* | Use BUF_strlcpy() instead of strcpy(). | Richard Levitte | 2003-12-27 | 1 | -16/+23 |
| | | | | | | | Use BUF_strlcat() instead of strcat(). Use BIO_snprintf() instead of sprintf(). In some cases, keep better track of buffer lengths. This is part of a large change submitted by Markus Friedl <markus@openbsd.org> | ||||
* | Move another common functionality (reproduced so far with cut'n'paste) | Richard Levitte | 2003-11-28 | 1 | -17/+3 |
| | | | | to apps.c, and give it the hopefully descriptive name parse_yesno(). | ||||
* | Move do_subject() to apps.c and rename it to parse_name(). The | Richard Levitte | 2003-11-28 | 1 | -137/+1 |
| | | | | | | rationale behind the move is that it's use by several applications. The rationale behind the name change is that it describes what the function does a bit better. | ||||
* | Allow multi-valued rdns in subjects. This adds the -multivalue-rdn option | Richard Levitte | 2003-11-28 | 1 | -17/+35 |
| | | | | | | | | | | to 'openssl req' and 'openssl ca'. PR: 779 Submitted by: Michael Bell <michael.bell@cms.hu-berlin.de> Reviewed by: Richard Levitte (there will be some follow-up changes) | ||||
* | Netware-specific changes, | Richard Levitte | 2003-11-28 | 1 | -1/+1 |
| | | | | | | PR: 780 Submitted by: Verdon Walker <VWalker@novell.com> Reviewed by: Richard Levitte | ||||
* | A general spring-cleaning (in autumn) to fix up signed/unsigned warnings. | Geoff Thorpe | 2003-10-29 | 1 | -1/+2 |
| | | | | | | | | | | I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate. | ||||
* | Generalise the definition of strcasecmp() and strncasecmp() for | Richard Levitte | 2003-09-09 | 1 | -10/+0 |
| | | | | | | platforms that don't (necessarely) have it. In the case of VMS, this means moving a couple of functions from apps/ to crypto/ and make them general (although only used privately). | ||||
* | Implement CRL numbers. | Richard Levitte | 2003-06-19 | 1 | -4/+32 |
| | | | | | Contributed in whole by Laurent Genier <Laurent.Genier@intrinsec.com> PR: 644 | ||||
* | Convert save_serial() to work like save_index(), and add a | Richard Levitte | 2003-04-04 | 1 | -43/+2 |
| | | | | rotate_serial() that works like rotate_index(). | ||||
* | Add documentation on the added functionality in 'openssl ca'. | Richard Levitte | 2003-04-04 | 1 | -0/+1 |
| | |||||
* | Correct a lot of printing calls. Remove extra arguments... | Richard Levitte | 2003-04-03 | 1 | -1/+1 |
| | |||||
* | Implement self-signing in 'openssl ca'. This makes it easier to have | Richard Levitte | 2003-04-03 | 1 | -31/+59 |
| | | | | | | the CA certificate part of the CA database, and combined with 'unique_subject=no', it should make operations like CA certificate roll-over easier. | ||||
* | Reset the version number of the issuer certificate? I believe this | Richard Levitte | 2003-04-03 | 1 | -1/+1 |
| | | | | hasn't been tested in a long while... |