summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* document i2a_ASN1_STRING(3) and a2i_ASN1_STRING(3)schwarze2021-11-153-3/+163
|
* Fix a strange check in the auto DH codepathtb2021-11-141-3/+5
| | | | | | | | | | The code assumes that the server certificate has an RSA key and bases the calculation of the size of the ephemeral DH key on this assumption. So instead of checking whether we have any key by inspecting the dh part of the union, let's check that we actually have an RSA key. While here, make sure that its length is non-negative. ok jsing
* the last argument of BIO_gets(3) is called "size", not "len"schwarze2021-11-141-6/+6
|
* fix a typo; diff from Matthias Schmidt <xosc dot org> on tech@schwarze2021-11-141-3/+3
|
* Put curly brace on the correct line.jsing2021-11-141-2/+3
|
* Test ASN1_STRING_copy(3).schwarze2021-11-132-1/+121
| | | | | | As a side effect, this also tests various aspects of ASN1_STRING_new(3), ASN1_STRING_set(3), ASN1_STRING_length_set(3), ASN1_STRING_get0_data(3), ASN1_STRING_length(3), and ASN1_STRING_type(3).
* Fix a nasty quirk in ASN1_STRING_copy(3).schwarze2021-11-131-2/+2
| | | | | | | | | In case of failure, it reported the failure but corrupted the type of the destination string. Instead, let's make sure that in case of failure, existing objects remain in their original state. OK tb@
* Document the interactions of X509_V_FLAG_USE_CHECK_TIME,schwarze2021-11-131-6/+35
| | | | | | | | X509_V_FLAG_NO_CHECK_TIME, X509_VERIFY_PARAM_set_time(3), X509_VERIFY_PARAM_set_flags(3), and X509_VERIFY_PARAM_clear_flags(3) in detail because the API design is both surprising and surprisingly complicated in this respect, and the resulting nasty traps have already caused bugs in the past.
* Mark the public X509_VP_FLAG_* constants as intentionally undocumented.schwarze2021-11-131-2/+11
| | | | | | With LibreSSL, they can only be used internally in the library itself, and even with OpenSSL, no real-world application code uses them. OK tb@
* Fix a bug in check_crl_time() that could result in incompleteschwarze2021-11-131-8/+8
| | | | | | | | | | | | | | | | | | | | | | | verification, accepting CRLs that ought to be rejected, if an unusual combination of verification flags was specified. If time verification was explicitly requested with X509_V_FLAG_USE_CHECK_TIME, it was skipped on CRLs if X509_V_FLAG_NO_CHECK_TIME was also set, even though the former is documented to override the latter both in the OpenSSL and in the LibreSSL X509_VERIFY_PARAM_set_flags(3) manual page. The same bug in x509_check_cert_time() was already fixed by beck@ in rev. 1.57 on 2017/01/20. This syncs the beginning of the function check_crl_time() with the OpenSSL 1.1.1 branch, which is still under a free license. OK beck@ This teaches that having too many flags and options is bad because they breed bugs, and even more so if they are poorly designed to override each other in surprising ways.
* document ASN1_STRING_copy(3)schwarze2021-11-131-4/+43
|
* Document the public constants X509_V_FLAG_POLICY_MASKschwarze2021-11-121-9/+43
| | | | | | | and X509_V_FLAG_USE_CHECK_TIME. While here, fix a typo and improve the wording for X509_V_FLAG_NOTIFY_POLICY.
* mention what X509_cmp_time(3) does with a cmp_time argument of NULLschwarze2021-11-121-3/+7
|
* As pointed out by tb@, LibreSSL no longer supports user-definedschwarze2021-11-124-56/+21
| | | | | | | | | X509_LOOKUP_METHODs because these objects are now opaque. Simplify the documentation accordingly, shortening it by about 35 input lines in total, but continue providing the information which RETURN VALUES functions might return with other implementations of the library. OK tb@
* In x509_vfy.h rev. 1.41, tb@ provided X509_STORE_CTX_get_by_subject(3),schwarze2021-11-123-18/+53
| | | | | | | | | | | | changed the return type of X509_OBJECT_get_type(3) and argument types of X509_LOOKUP_by_subject(3), X509_LOOKUP_by_issuer_serial(3), X509_LOOKUP_by_fingerprint(3), X509_LOOKUP_by_alias(3), X509_OBJECT_idx_by_subject(3), X509_OBJECT_retrieve_by_subject(3), and X509_STORE_get_by_subject(3) from int to X509_LOOKUP_TYPE, and in rev. 1.42, he provided X509_STORE_CTX_get_obj_by_subject(3). Adjust the documentation. Joint work with and OK tb@.
* mention the public constants XN_FLAG_SEP_MASK and XN_FLAG_FN_MASKschwarze2021-11-111-2/+6
|
* Mention the X509v3_KU_* aliases for the KU_* constantsschwarze2021-11-111-2/+16
| | | | | | because some third party application code uses them. List the full names (even though they are long) such that they can be found with "man -k Dv=...".
* Explicitly list all public functions in roff(7) commentsschwarze2021-11-111-6/+33
| | | | | that are related to this page but intentionally undocumented, to better support grepping the source directory for function names.
* new manual page X509_policy_tree_get0_policies(3),schwarze2021-11-114-6/+110
| | | | also documenting X509_policy_tree_get0_user_policies(3)
* Merge a few additional X509error(ERR_R_MALLOC_FAILURE) callsschwarze2021-11-101-39/+28
| | | | | | | | | | | | | | | | | | and various style improvements from the OpenSSL 1.1.1 branch, which is still under a free license. - No need to #include <openssl/lhash.h>. - BUF_MEM_free(3) and sk_pop_free(3) can handle NULL. - sk_value(3) can handle -1. - Test pointers with "== NULL" rather than with "!". - Use the safer "p = malloc(sizeof(*p))" idiom. - return is not a function. - Delete very wrong commented out code. Including parts of the these commits from the 2015 to 2018 time range: 25aaa98a b4faea50 90945fa3 f32b0abe 26a7d938 7fcdbd83 208056b2 5b37fef0 Requested by and OK tb@.
* If X509_load_cert_crl_file(3) does not find any certificatesschwarze2021-11-103-3/+7
| | | | | | | | | | | | | | | | | | and/or CRLs in the PEM input file (for example, if the file is empty), provide an error message in addition to returning 0. This merges another part of this OpenSSL commit, which is still under a free license: commit c0452248ea1a59a41023a4765ef7d9825e80a62b Author: Rich Salz <rsalz@openssl.org> Date: Thu Apr 20 15:33:42 2017 -0400 I did *not* add the similar message types X509_R_NO_CERTIFICATE_FOUND and X509_R_NO_CRL_FOUND because both code inspection and testing have shown that the code generating them is unreachable. OK tb@
* Sync some code style improvements from the OpenSSL 1.1.1 branch,schwarze2021-11-101-10/+9
| | | | | | | | | | | | | | which is still under a free license. No functional change. - No need to #include <openssl/lhash.h> here. - return is not a function. - Do not use the pointless macro BIO_s_file_internal(). - No need to check for NULL before X509_CRL_free(3). This includes parts of the following OpenSSL commits from the 2015 to 2017 timeframe: 222561fe, 9982cbbb, f32b0abe, 26a7d938 OK tb@
* Merge two bug fixes from the OpenSSL 1.1.1 branch, which is stillschwarze2021-11-101-8/+4
| | | | | | | | | | | | | | | | | | | | | | | | | under a free license: 1. If the three X509_load_*(3) functions are called with a NULL file argument, do not return 1 to the caller because the return value 1 means "i loaded one certificate or CRL into the store". 2. When calling PEM load functions, do not ask the user for a password in an interactive manner. This includes parts of the following commits: commit c0452248ea1a59a41023a4765ef7d9825e80a62b Author: Rich Salz <rsalz@openssl.org> Date: Thu Apr 20 15:33:42 2017 -0400 Message: [...] Remove NULL checks and allow a segv to occur. [...] commit db854bb14a7010712cfc02861731399b1b587474 Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Mon Aug 7 18:02:53 2017 +0200 Message: Avoid surpising password dialog in X509 file lookup. OK tb@
* Switch to <endian.h> from <machine/endian.h> for better portability.bcook2021-11-0912-30/+26
| | | | ok tb@
* Split a new page X509_load_cert_file(3) with three functionsschwarze2021-11-097-112/+157
| | | | | | | | | | | | | | | out of X509_LOOKUP_hash_dir(3) because both groups of functions differ substantially in purpose and structure. Rewrite the complete text of X509_load_cert_file(3) from scratch for correctness and clarity. This fixes several documentation errors: 1. The names of the constants were wrong, lacking the "X509_" prefix. 2. None of these functions support X509_FILETYPE_DEFAULT, neither in OpenSSL nor in LibreSSL. 3. The memory cache does not contain X509_STORE objects; instead, the X509_STORE object *is* the memory cache.
* Add ASPA OIDjob2021-11-092-0/+2
| | | | | | draft-ietf-sidrops-aspa-profile OK tb@
* Replace <sys/limits.h> with <limits.h>bcook2021-11-081-2/+2
| | | | ok tb@
* Document X509_gmtime_adj(3).schwarze2021-11-081-23/+67
| | | | | While here, improve some argument names, improve ordering of the material, and mention the meaning of negative and of large arguments,
* In X509_STORE_CTX, rename the X509_STORE store rather than ctx.tb2021-11-073-15/+15
| | | | ok gnezdo jsing
* In X509_STORE_CTX rename the misnamed last_untrusted to num_untrustedtb2021-11-073-17/+17
| | | | ok jsing
* new manual pagesschwarze2021-11-076-5/+288
| | | | ASN1_item_digest(3), ASN1_item_sign(3), and ASN1_item_verify(3)
* Improve formatting. The line breaks in the lists of methods were very ugly.schwarze2021-11-061-116/+76
| | | | | While here, put descriptions right after the prototypes they describe. No content change.
* Start cleaning up X509_STORE_get1_issuer()tb2021-11-061-15/+37
| | | | | | | | | | | | | | Get rid of the last X509_OBJECT_free_contents() call by moving the object from the stack to the heap. I deliberately kept the obj variable to keep obj and pobj separate. Rename the out parameter from issuer to out_issuer to ensure that we only assign it when we have acquired a reference that we can return. Add a new X509 *issuer. In the first part of the function, acquire an extra reference before check_issuer/check_time. In the second part of the function, acquire a reference inside the lock to avoid a race. Deal with ret only in one place. ok jsing
* In X509_STORE_get1_issuer() do not call the verify callback fromtb2021-11-061-3/+3
| | | | | | x509_check_cert_time(). Matches a change made in OpenSSL 70dd3c65. ok jsing
* Fix indent.jsing2021-11-061-8/+7
|
* Refactor X509_STORE_get1_certs()tb2021-11-061-27/+30
| | | | | | | | Split the retrieval of the certs in the store's cache that match the desired subject into a separate function. This greatly simplifies locking, error handling and the flow of the function. with/ok jsing
* typo: a static objects -> a static objecttb2021-11-051-3/+3
|
* First pass of streamlining X509_STORE_get1_{certs,crls}()tb2021-11-051-66/+77
| | | | | | | | | | | | | | These functions are quite messy. On top of the tricky logic querying the cache, then refreshing the cache (unconditionally or not), then querying again, then extracting a list of certs/crls and bumping their refcounts, things are intermixed with locking and needlessly early allocations that then need to be cleaned up again. Use X509_STORE_CTX_get_obj_by_subject() to avoid using an object on the stack and defer allocation of the returned stack of certs to later. Flatten the logic a bit and prepare for further refactoring. ok jsing
* Trade an abort() neutered by a comment for a blank line elsewhere.tb2021-11-051-2/+2
|
* Clean up X509_STORE_add_{cert,crl}().tb2021-11-051-69/+41
| | | | | | | | | | | | | | | | | | | | Add a X509_STORE_add_object() function that adds an X509 object to the store and takes care of locking and cleaning up. This way we can set up an X509_OBJECT for both the cert and CRL case and hand over to the new function. There is one intentional change of behavior: if there is an attempt to add an object which is already present in the store, succeed instead of throwing an error. This makes sense and is also the OpenSSL behavior. As pointed out by jsing, this is a partial fix for the long standing GH issue #100 on libtls where connections would fail if the store contains duplicate certificates. Also: remove the internal X509_OBJECT_dec_ref_count(), which is no longer used. ok jsing
* Unify variable names in X509_STORE_{free,up_ref,add_lookup}().tb2021-11-051-29/+26
| | | | | | simplify the flow of X509_add_lookup(). ok jsing
* Rename the ret variable in X509_OBJECT_new() to obj..tb2021-11-051-5/+5
| | | | ok jsing
* Garbage collect the unused skip member of X509_LOOKUP andtb2021-11-052-5/+1
| | | | | | the unused cache member of X509_STORE. ok jsing
* Use calloc() to remove the need of silly zeroing of most members.tb2021-11-051-28/+18
| | | | | | | Check for allocation failures and if one happens push an error on the stack and clean up using X509_STORE_free(). ok jsing
* Streamline and shorten x509_object_cmp() a bit.tb2021-11-051-11/+6
| | | | ok jsing
* Drop a bunch of unnecesary parentheses and unify the order in whichtb2021-11-051-17/+13
| | | | | | callbacks are called. ok jsing
* Cleanup X509_LOOKUP_new()tb2021-11-051-12/+11
| | | | | | | Switch from malloc() to calloc() and drop a bunch of initializations to 0. Call the returned object lu instead of the generic ret. ok jsing
* Garbage collect xobj->data.{ptr,pkey}tb2021-11-052-8/+6
| | | | | | | | | Both these are essentially unused. Remove the last use of data.ptr by initializing and copying the X509_OBJECT using memset() and struct assignment in X509_STORE_CTX_get_subject_by_name() and add a missing error check for X509_OBJECT_up_ref_count() while there. ok beck
* Cache sha512 hash and parsed not_before and not_after with X509 cert.beck2021-11-049-135/+149
| | | | | | | | | | | Replace sha1 hash use with sha512 for certificate comparisons internal to the library. use the cached sha512 for the validator's verification cache. Reduces our recomputation of hashes, and heavy use of time1 time conversion functions noticed bu claudio@ in rpki client. ok jsing@ tb@
* document d2i_X509_ALGORS(3) and i2d_X509_ALGORS(3)schwarze2021-11-031-5/+36
|
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-02 02:58:54 +0000