| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
while here, add the missing const qualifier to the obj argument of
X509_EXTENSION_create_by_OBJ(3) and correct a typo in the argument
name of X509_EXTENSION_get_data(3)
|
| |
|
|
| |
also documenting X509_REQ_print(3) and X509_REQ_print_fp(3)
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This is not yet hooked up and will not compile. Follow on commits
will KNF and then make it build.
ok jsing@ tb@
|
| |
|
|
|
|
|
| |
ruby can no longer generate certs with bogus wildcards in it to check
that they will fail to verify when creating TLS connections. It will
throw an error. This change needs openssl-ruby-tests-20211024p0 or later
to work.
|
| |
|
|
|
|
|
|
|
|
|
| |
Original commit message from beck:
Validate Subject Alternate Names when they are being added to certificates.
With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.
ok jsing@ tb@
|
| | |
|
| |
|
|
| |
documenting six functions for extensions in certification requests
|
| | |
|
| |
|
|
| |
and add .Xrs to relevant objects
|
| |
|
|
|
|
|
|
|
| |
* Say "number of bytes" instead of "length of bytes".
* Remove mention of a BUGS section that exists neither here nor in OpenSSL.
* List all authors who contributed Copyright-worthy amounts of text.
* Remove years from the Copyright line that saw no non-trivial changes.
* Add the year 2014: that's when Emilia wrote the i2d_re_X509_tbs() text.
* Improve merge comments.
|
| |
|
|
|
|
|
|
|
| |
breaks the ruby regression tests that expect to make bogus certificates
and see that they are rejected :(
I am reverting this for now to make the regress tests pass, and will
bring it back if we decide to patch the regress tests to remove the
problem cases
|
| | |
|
| |
|
|
|
|
| |
The symbol is not yet exposed and will show up with tb@'s forthcoming bump
ok tb@ jsing@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
discussed with schwarze
|
| | |
|
| |
|
|
|
| |
that the API is implemented as a macro. This will change in an
upcoming bump.
|
| |
|
|
| |
OK beck@ tb@
|
| |
|
|
| |
OK beck@
|
| |
|
|
| |
ok tb@
|
| |
|
|
| |
for X.501 Attributes in PKCS#10 certification requests
|
| | |
|
| | |
|
| |
|
|
| |
while here, apply the usual conventions for naming d2i and i2d arguments
|
| |
|
|
|
|
|
| |
With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.
ok jsing@ tb@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
libssl bump.
|
| |
|
|
| |
Dunno why this ended up here, cvs is always full of surprises.
|
| |
|
|
|
|
| |
Apparently spotted by mortimer@ while working on clang 13 and amd64.
No actual change on sparc64 as this architecture still uses ld.bfd.
ok kettenis@
|
| | |
|
| |
|
|
| |
documenting four PKCS#8 PrivateKeyInfo accessors
|
| | |
|
| |
|
|
| |
Spotted by egcc. ok tb@
|
| |
|
|
| |
Spotted by egcc and probably clang 13. ok tb@
|
| | |
|
| |
|
|
|
|
|
|
| |
This is effectively the same record processing limit that was previously
added to the legacy TLS stack - without this a single session can be made
to spin on a stream of alerts or other similar records.
ok beck@ tb@
|
| |
|
|
|
|
| |
Also mop up some mostly unhelpful comments while here.
ok beck@ tb@
|
| |
|
|
| |
ok beck@ tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
|
