summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_vfy.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Stop supporing "legcay" time formats that OpenSSL supports. Rewrite thebeck2015-10-191-22/+23
| | | | | | utctime and gentime wrappers accordingly. Along with some other cleanup. this also removes the need for timegm. ok bcook@ sthen@ jsing@
* Flense the greasy black guts of unreadble string parsing code out of three areasbeck2015-10-021-92/+36
| | | | | | | | | in asn1 and x509 code, all dealing with an ASN1_TIME. This brings the parsing together in one function that converts into a struct tm. While we are at it this also brings us into conformance with RFC 5280 for times allowed in an X509 cert, as OpenSSL is very liberal with what it allows. input and fixes from deraadt@ jsing@ guethther@ and others. ok krw@, guenther@, jsing@
* Add support for disabling certificate and CRL validity checking.jsing2015-09-141-9/+12
| | | | | | Loosely based on changes in OpenSSL. ok beck@
* Now that it is safe to invoke X509_STORE_CTX_cleanup() if X509_STORE_CTX_init()miod2015-07-191-3/+5
| | | | | fails, check its return value and correctly mop up after ourselves. ok beck@ doug@
* Simplify X509_STORE_CTX_init and make it safe with stack variables.doug2015-07-191-58/+55
| | | | | | | The current version is not safe with stack variables because it may return prematurely with a partially constructed object on error. ok miod@ a while back
* Avoid a potential out-of-bounds read in X509_cmp_time(), due to missingjsing2015-06-111-4/+27
| | | | | | | | | | length checks. Diff based on changes in OpenSSL. Fixes CVE-2015-1789. ok doug@
* Remove all getenv() calls, especially those wrapped by issetugid().deraadt2015-04-111-7/+1
| | | | | | | | | getenv()'s wrapped by issetugid() are safe, but issetugid() is correct difficult to impliment on many operating systems. By accident, a grand experiment was run over the last year, where issetugid() returned 1 (the safe value) on a few operating systems. Noone noticed & complained that certain environment variables were not working....... ok doug beck jsing, discussion with others
* More unifdef OPENSSL_NO_RFC3779 that got missed last time around.jsing2015-02-111-11/+1
| | | | Spotted by beck@
* The IMPLEMENT_STACK_OF and IMPLEMENT_ASN1_SET_OF macros were turned intojsing2015-02-101-9/+1
| | | | | noops around 15 years ago. Remove multiple occurances of both that still exist in the code today.
* check_cert(): be sure to reset ctx->current_crl to NULL before freeing it.miod2014-09-291-10/+5
| | | | | | | | | X509_STORE_CTX_init(): do not free the X509_STORE_CTX * parameter upon failure, for we did not allocate it and it might not come from the heap, such as in check_crl_path() in this very same file where X509_STORE_CTX_init() gets invoked with a stack address. ok bcook@
* Free sktmp when it's no longer needed. By doing so, we fix a bunch of memory ↵logan2014-07-171-2/+4
| | | | | | | | leaks. From miod@ OK from miod@ and guenther@
* jsing and I are investigating removal of all? most? 'getenv from library'deraadt2014-07-121-1/+3
| | | | | | | instances. This one for OPENSSL_ALLOW_PROXY_CERTS gets turned off first, especially since it had this special comment: /* A hack to keep people who don't want to modify their software happy */ ok beck jsing
* Principle of least surprise: make CMAC_CTX_free(), OCSP_REQ_CTX_free() andmiod2014-07-121-1/+4
| | | | | X509_STORE_CTX_free() accept NULL pointers as input without dereferencing them, like all the other well-behaved *_CTX_free() functions do.
* When looking for the issuer of a certificate, if the current candidate ismiod2014-07-111-8/+20
| | | | | | | expired or not valid yet, continue looking; only return an expired certificate if no valid certificates have been found. OpenSSL PR #3359 via OpenSSL trunk.
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-111-6/+6
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-101-1/+3
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-101-2/+4
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* remove unused, private version strings except SSL_version_strbcook2014-07-091-3/+1
| | | | | | Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
* wrap getenv OPENSSL_ALLOW_PROXY_CERTS in an issetugid check, to protectderaadt2014-06-201-2/+2
| | | | | setuid applications from being fooled. ok miod
* check stack push return and make some effort to clean up. ok beck miodtedu2014-06-191-2/+6
|
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* calloc instead of malloc/memset. from Benjamin Baiertedu2014-05-251-2/+1
|
* KNF.jsing2014-04-201-418/+554
|
* blunt force knftedu2014-04-181-538/+372
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-3/+3
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* correct cases of code occuring directly after goto/break/returnjsg2014-04-151-1/+0
| | | | ok miod@ guenther@
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-5/+15
|
* resolve conflictsdjm2012-10-131-5/+0
|
* OpenSSL 1.0.0f: mergedjm2012-01-051-1/+1
|
* openssl-1.0.0e: resolve conflictsdjm2011-11-031-1/+5
|
* resolve conflicts, fix local changesdjm2010-10-011-144/+807
|
* update to openssl-0.9.8i; tested by several, especially krw@djm2009-01-051-4/+8
|
* resolve conflictsdjm2008-09-061-133/+348
|
* resolve conflictsdjm2006-06-271-1/+1
|
* resolve conflictsdjm2005-04-291-13/+118
|
* update missing pieces from 0.9.7d; ok henningmarkus2004-04-251-7/+48
| | | | crank minor for API extensions
* backout for nowmarkus2004-04-081-48/+7
|
* merge 0.9.7dmarkus2004-04-081-7/+48
|
* merge 0.9.7c; minor bugsfixes;markus2003-11-111-2/+2
| | | | | API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
* security fix from http://www.openssl.org/news/secadv_20030930.txtmarkus2003-09-301-1/+1
| | | | see also http://cvs.openssl.org/chngview?cn=11471
* merge 0.9.7b with local changes; crank majors for libssl/libcryptomarkus2003-05-121-1/+1
|
* OpenSSL 0.9.7 stable 2002 05 08 mergebeck2002-05-151-40/+307
|
* openssl-engine-0.9.6 mergebeck2000-12-151-193/+298
|
* OpenSSL 0.9.5a mergebeck2000-04-151-6/+16
|
* OpenSSL 0.9.5 mergebeck2000-03-191-20/+186
| | | | | | *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
* OpenSSL 0.9.4 mergebeck1999-09-291-143/+78
|
* Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD buildryker1998-10-051-0/+704
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 16:24:11 +0000