| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
As suggested by schwarze, this removes
X509_EX_V_{INIT,NETSCAPE_HACK} and X509_EXT_PACK_{STRING,UNKNOWN}
ok inoguchi jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and/or CRLs in the PEM input file (for example, if the file
is empty), provide an error message in addition to returning 0.
This merges another part of this OpenSSL commit,
which is still under a free license:
commit c0452248ea1a59a41023a4765ef7d9825e80a62b
Author: Rich Salz <rsalz@openssl.org>
Date: Thu Apr 20 15:33:42 2017 -0400
I did *not* add the similar message types X509_R_NO_CERTIFICATE_FOUND
and X509_R_NO_CRL_FOUND because both code inspection and testing
have shown that the code generating them is unreachable.
OK tb@
|
| |
|
|
|
|
|
|
| |
Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.
ok jsing
|
| |
|
|
|
|
| |
no longer needed.
ok jsing
|
| |
|
|
|
|
| |
parts of LibreSSL can no longer reach into them.
discussed with beck, jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok beck jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
Identifiers
These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360).
Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf)
This changeset is a no-op, as there are 10+ issues and at least 2 security issues.
Work will continue in-tree.
OK tb@, discussed with beck@
|
| |
|
|
| |
ok bcook inoguchi jsing
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
|
|
| |
we can add const to PKCS8_pkey_get0(). In order for this to work,
we need to sprinkle a few consts here and there.
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
| |
Provide PKCS8_pkey_add1_attr_by_NID() and PKCS8_pkey_get0_attrs().
Remove the whole broken code and simplify pkcs8_priv_key_info_st
accordingly. Based on OpenSSL commit
54dbf42398e23349b59f258a3dd60387bbc5ba13 plus some const that was
added later.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
| |
those that OpenSSL has had for ages.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
a little:
Use X509_get0_pubkey() in place of X509_get_pubkey() and EVP_PKEY_free().
Check return value of the former in the appropriate place and simplify the
logic for dealing with the potentially NULL pkey argument (includes a neat
tweak from jsing). Finally, kill an ugly comment that has been rotting for
twenty years and merge the lines around it.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
X509_NAME_get_index_by_{OBJ,NID}().
tested in a bulk build by sthen
suggested by & ok jsing
|
| |
|
|
|
| |
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
| |
X509_get_ext(3), X509_get_ext_by_NID(3), X509_get_ext_by_OBJ(3),
X509_get_ext_by_critical(3), X509_get_ext_count(3), X509_get_ext_d2i(3).
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk build by sthen
input & ok jsing
|
| |
|
|
|
| |
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
X509_TRUST_get0_name(3), X509_TRUST_get_flags(3), and X509_TRUST_get_trust(3).
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
| |
X509_REVOKED_get_ext(3), X509_REVOKED_get_ext_count(3),
X509_REVOKED_get_ext_by_NID(3), X509_REVOKED_get_ext_by_OBJ(3),
X509_REVOKED_get_ext_by_critical(3), X509_REVOKED_get_ext_d2i(3).
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
|
| |
and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
X509_NAME_add_entry_by_OBJ(3) are now const.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
X509_NAME_add_entry(3).
tested in a bulk build by sthen,
ok jsing
|
| |
|
|
|
| |
Tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
| |
X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and
X509_NAME_ENTRY_set_object(3).
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
X509_EXTENSION_set_object(3) a 'const X509_EXTENSION *ex'.
tested in a bulk build by sthen,
ok jsing
|
| |
|
|
|
|
|
|
| |
X509_CRL_get_ext_count(3), X509_CRL_get_ext_by_NID(3),
X509_CRL_get_ext_by_OBJ(3), X509_CRL_get_ext_by_critical(3),
X509_CRL_get_ext(3), X509_CRL_get_ext_d2i(3).
ok jsing
|
| |
|
|
|
|
|
| |
X509_get_subject_name(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)
|
| |
|
|
|
|
|
| |
X509v3_get_ext_by_OBJ(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)
|
| |
|
|
|
|
|
|
| |
EVP_PKEY_get_attr_by_OBJ(3), X509at_get_attr_by_OBJ(3),
X509at_get0_data_by_OBJ(3), X509_REQ_get_attr_by_OBJ(3)
tested in a bulk by sthen
ok beck (as part of a larger diff)
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
into a wrapper that calls X509_PUBKEY_get0() and up refs.
|
| | |
|
| |
|
|
| |
From BoringSSL.
|
| | |
|
