| Commit message (Collapse) | Author | Files | Lines |
|---|
|
Better one-line description.
Specify the correct header file.
Same parameter names as in ASN1_item_d2i(3).
Lots of new information.
The ASN1_OBJECT interfaces appear specifically designed to maximize
the number and subtlety of traps, maybe in order to trap the wary
along with the unwary. All the quirks, caveats, and bugs of
ASN1_item_d2i(3) apply, and there are three additional ones on top
in this page.
It looks like that design approach was so successful that the designers
managed to trap even themselves: see the new BUGS section.
|
|
and OBJ_create(3) really do rather than making broad and incomplete
statements that are only true in some cases.
Improve the one-line descriptions.
Some minor wording improvements while here.
There is obviously more work to do in the vicinity...
|
|
both listed in <openssl/asn1.h> and in OpenSSL doc/man3/d2i_X509.pod.
Minor wording improvements while here.
|
|
|
|
does not document them. By being in <openssl/asn1.h>, they are
public, and it makes no sense to document accessors but not document
constructors and destructors.
Improve the one-line description.
Mention various missing details.
Many wording improvements.
Add some cross references.
|
|
CA chain or specify CA paths. This prevents attempts to access the file
system, which may fail due to pledge.
ok bluhm@
|
|
should not have changed the X509_STORE_CTX error value on success and it
was initialised to X509_V_OK by X509_STORE_CTX_init(). Other software also
depends on this behaviour.
Previously X509_verify_cert() was mishandling the X509_STORE_CTX error
value when validating alternate chains. This has been fixed and further
changes now explicitly ensure that the error value will be set to X509_V_OK
if X509_verify_cert() returns success.
|
|
|
|
version.
ok beck@ doug@
|
|
return code of a function in a man page. Let's remove the ambiguity and
half truths in here.
ok jsing@
|
|
and X509_verify_cert - We at least make it so an an init'ed ctx is not
"valid" until X509_verify_cert has actually been called, And we make it
impossible to return success without having the error set to ERR_V_OK.
ok jsing@
|
|
when we went to alternate cert chains. this correctly does not clobber
the ctx->error when using an alt chain.
ok jsing@
|
|
in the context. don't look for errors in case of success.
fixes spurious verify errors.
guilty change tracked and fix tested by sthen
|
|
- print/sort using the full certificate subject rather than a pretty-printed
subset (as done in the current version of format-pem.pl); previously this was
resulting in a problem where a CN conflict resulted in the GlobalSign R2 CA
accidentally getting dropped in r1.10; problem found by Steven McDonald
- remove CA certificates that are no longer present in the CA store of the
release branch of Mozilla - possible now that libressl has support for
alternate chains (libcrypto/x509/x509_vfy.c r1.52)
- add new CA certificates from Mozilla's store from those organisations
which we already list
|
|
ok doug@
|
|
ok doug@
|
|
|
|
protocol version range.
This also fixes a bug whereby if all protocols were disabled, the client
would still use TLSv1.2 in the client hello, only to have if fail with
unsupported version when it received and processed the server hello.
ok doug@
|
|
LIBRESSL_INTERNAL.
|
|
things...
|
|
|
|
assembly.
|
|
|
|
assembly. Of particular interest is ASN1_ITEM_ptr which does nothing
and resulted in code like:
if (method->it)
ASN1_ITEM_free(..., ASN1_ITEM_ptr(method->it));
|
|
|
|
|
|
|
|
|
|
|
|
defines - do not rely on another heading making those available for us.
|
|
|
|
|
|
Both functions are listed in <openssl/asn1.h>
and in OpenSSL doc/man3/d2i_X509.pod.
After reading the code, i'm not amused. You wouldn't think that
it might take eight stack levels to decode a constant sixteen bit
value that does not even allow a single content octet, or would
you? Nota bene, this is an average of four stack levels for each
non-zero bit decoded... :-(
|
|
commit 67adf0a7c273a82901ce8705ae8d71ee2f1c959c
Author: Markus Triska <triska@metalevel.at>
Date: Sun Dec 25 19:58:38 2016 +0100
|
|
encoding functions from scratch. All 46 functions are listed
in OpenSSL doc/man3/d2i_X509.pod.
|
|
|
|
|
|
both listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
|
|
d2i_X509_REVOKED(3), and i2d_X509_CRL_INFO(3), all listed in
<openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
|
|
Use simpler standard wordings.
Add X.509 references.
|
|
|
|
Improve the one-line description.
Use the standard wordings in some places.
Complete the RETURN VALUES section.
|
|
from scratch. All six functions are listed in <openssl/x509.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
|
in this page - but do include documentation for immediate
subobjects that are used nowhere else. All six functions
listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
|
|
Improve .Nd.
Sort functions.
Use the same parameter names as in ASN1_item_d2i(3).
Point to ASN1_item_d2i(3) for all he details.
Delete all the information that's now in ASN1_item_d2i(3).
Add missing entries to the RETURN VALUES section.
Add STANDARDS section.
|
|
Also document d2i_PKCS8_bio(3), i2d_PKCS8_bio(3), d2i_PKCS8_fp(3),
and i2d_PKCS8_fp(3) while here, listed in <openssl/x509.h>
and in OpenSSL doc/man3/d2i_X509.pod.
No, these functions have nothing to do with the many other d2i_PKCS8*(3)
functions all around, and nothing with PKCS#8 at all in the first place.
Read the BUGS section. I couldn't make this stuff up.
|
|
with i2d_PKCS8PrivateKeyInfo_bio(3).
While here, polish the cross references.
|
|
listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
These functions are very similar to i2d_PrivateKey(3) but very
different from i2d_PKCS8PrivateKey_bio(3), that's why they go into
this manual page and not into the other one. When the naming was
decided, somebody clearly considered too briefly or too long.
|
|
These six function are listed in <openssl/x509.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
|
from scratch. All these functions are listed in <openssl/ocsp.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
