| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move
the ASN.1 function prototypes that we don't want to expose with them.
Include ts_local.h where necessary or where it will be needed soon.
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Guard the new code under LIBRESSL_INTERNAL to defer symbol addition and
minor library bump (thanks tb).
ts/ts.h bits from
RFC 5035 Enhanced Security Services (ESS) Update:
Adding CertID Algorithm Agility
ts/ts_asn1.c bits expanded from
ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
Feedback OK tb
|
| |
|
|
|
|
| |
It's defined again (more appropiately) further down above the error codes.
OK jsing tb
|
| |
|
|
|
|
|
| |
This script is not used at all and files are edited by hand instead.
Thus remove misleading comments incl. the obsolete script/config.
Feedback OK jsing tb
|
| |
|
|
|
|
|
| |
Should have been part of the previous commit. Omission noted by schwarze.
tested in bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
| |
TS_REQ_get_ext_by_OBJ(3), TS_REQ_set_policy_id(3),
TS_RESP_CTX_add_policy(3), TS_RESP_CTX_set_def_policy(3),
and TS_TST_INFO_get_ext_by_OBJ(3)
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
| |
nothing but markers for utils/mkstack.pl... and we removed the code that
generated more macros from these markers in 2014.
|
| |
|
|
|
|
|
|
|
| |
an OPENSSL_NO_* define. This avoids relying on something else pulling it
in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is
never going to do anything, since OPENSSL_NO_XYZ will never defined, due
to the fact that opensslconf.h has not been included.
This also includes some miscellaneous sorting/tidying of headers.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The TS_RESP_CTX_set_time_cb() API gets removed. Nothing in the greater
ecosystem ever calls it. This API needs to be removed, because if
anyone ever calls on a BE 32 system assuming long rather than time_t,
it will be dangerously incompatible.
ok miod guenther
|
| |
|
|
|
|
|
|
| |
Also check for _LP64 rather than __arch64__ (the former being more reliable
than __LP64__ or __arch64__) to tell 64-bit int platforms apart from 32-bit
int platforms.
Loosely based upon a diff from Martijn van Duren on tech@
|
| | |
|
| | |
|
| | |
|
| |
|
