| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
those that OpenSSL has had for ages.
ok jsing
|
| |
|
|
|
|
|
| |
Based on OpenSSL commit c5ebfcab713a82a1d46a51c8c2668c419425b387
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
| |
CID #118791
ok jsing mestre
|
| |
|
|
|
|
| |
sk_BY_DIR_HASH_find already does it, removing ambiguity later in the function.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
a little:
Use X509_get0_pubkey() in place of X509_get_pubkey() and EVP_PKEY_free().
Check return value of the former in the appropriate place and simplify the
logic for dealing with the potentially NULL pkey argument (includes a neat
tweak from jsing). Finally, kill an ugly comment that has been rotting for
twenty years and merge the lines around it.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
X509_NAME_get_index_by_{OBJ,NID}().
tested in a bulk build by sthen
suggested by & ok jsing
|
| |
|
|
|
| |
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
| |
Sprinkle a few spaces after commas while there. Omitted from
earlier commit to reduce noise in the diff.
|
| |
|
|
|
|
|
|
| |
X509_get_ext(3), X509_get_ext_by_NID(3), X509_get_ext_by_OBJ(3),
X509_get_ext_by_critical(3), X509_get_ext_count(3), X509_get_ext_d2i(3).
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk build by sthen
input & ok jsing
|
| |
|
|
|
| |
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
X509_TRUST_get0_name(3), X509_TRUST_get_flags(3), and X509_TRUST_get_trust(3).
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
|
| |
X509_REVOKED_get_ext(3), X509_REVOKED_get_ext_count(3),
X509_REVOKED_get_ext_by_NID(3), X509_REVOKED_get_ext_by_OBJ(3),
X509_REVOKED_get_ext_by_critical(3), X509_REVOKED_get_ext_d2i(3).
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
X509_NAME_print{,_ex{,_fp}}(3).
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| |
|
|
|
|
|
| |
and to the 'obj' argument of X509_NAME_get_index_by_OBJ(3)
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
| |
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
X509_NAME_add_entry_by_OBJ(3) are now const.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
X509_NAME_add_entry(3).
tested in a bulk build by sthen,
ok jsing
|
| |
|
|
|
| |
Tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
|
| |
X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and
X509_NAME_ENTRY_set_object(3).
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
X509_LOOKUP_by_fingerprint() 'const unsigned char *bytes'.
tested in a bulk build by sthen
ok jsing
|
| |
|
|
|
|
|
| |
X509_EXTENSION_set_object(3) a 'const X509_EXTENSION *ex'.
tested in a bulk build by sthen,
ok jsing
|
| |
|
|
|
|
|
|
| |
X509_CRL_get_ext_count(3), X509_CRL_get_ext_by_NID(3),
X509_CRL_get_ext_by_OBJ(3), X509_CRL_get_ext_by_critical(3),
X509_CRL_get_ext(3), X509_CRL_get_ext_d2i(3).
ok jsing
|
| |
|
|
|
|
|
| |
X509_get_subject_name(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)
|
| |
|
|
|
|
|
| |
X509v3_get_ext_by_OBJ(3).
tested in a bulk build by sthen
ok jsing (as part of a larger diff)
|
| |
|
|
|
|
|
|
| |
EVP_PKEY_get_attr_by_OBJ(3), X509at_get_attr_by_OBJ(3),
X509at_get0_data_by_OBJ(3), X509_REQ_get_attr_by_OBJ(3)
tested in a bulk by sthen
ok beck (as part of a larger diff)
|
| |
|
|
|
| |
tested in a bulk by sthen
ok jsing
|
| | |
|
| |
|
|
|
| |
this to be "overridden" by the user supplied callback.
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Tighten up checks for various X509_VERIFY_PARAM functions, and
allow for the verify param to be poisoned (preculding future
successful cert validation) if the setting of host, ip, or email
for certificate validation fails. (since many callers do not
check the return code in the wild and blunder along anyway)
Inspired by some discussions with Adam Langley.
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(1) Evaluate the "set" argument, which says whether to create a new
RDN or to prepend or append to an existing one, before reusing it
for a different purpose, i.e. for the "set" field of the new
X509_NAME_ENTRY structure.
(2) When incrementing of some "set" fields is needed, increment the
correct ones: All those to the right of the newly inserted entry,
but not the one of that entry itself.
These two bugs caused wrong results whenever using loc != -1,
i.e. whenever inserting rather than appending entries, even when
using set == 0 only, that is, even when using single-values RDNs only.
Both bugs have been continuously present since at least SSLeay-0.8.1
(released July 18, 1997) and the second one since at least SSLeay-0.8.0
(released June 25, 1997), so both are over twenty years old.
I found these bugs by code inspection while trying to document the
function X509_NAME_ENTRY_set(3), which is public, but undocumented
in OpenSSL.
OK beck@, jsing@
|
| |
|
|
|
| |
Issue notice by Christian Heimes <christian@python.org>
ok deraadt@ jsing@
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
(which we don't have) it returns a plain int.
ok jsing
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
| |
so call X509_PUBKEY_get0() instead.
Spotted by schwarze@ while documenting.
|
| |
|
|
| |
into a wrapper that calls X509_PUBKEY_get0() and up refs.
|
| | |
|
| |
|
|
| |
From BoringSSL.
|
| |
|
|
| |
X509_STORE_set_ex_data().
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
