path: root/src/lib/libcrypto/x509
Commit message [Author, Age, Files, Lines]
...
* Add const to the argument of X509_NAME_ENTRY_get_data(3).
  Tested in a bulk build by sthen ok jsing
  [tb, 2018-05-18, 2 files, -4/+4]
* Add const qualifiers to the 'obj' and 'bytes' arguments of
  X509_NAME_ENTRY_create_by_NID(3), X509_NAME_ENTRY_create_by_OBJ(3), and X509_NAME_ENTRY_set_object(3). tested in a bulk build by sthen ok jsing
  [tb, 2018-05-18, 2 files, -10/+10]
* X509_LOOKUP_by_alias() now takes a 'const char str *' and
  X509_LOOKUP_by_fingerprint() 'const unsigned char *bytes'. tested in a bulk build by sthen ok jsing
  [tb, 2018-05-18, 2 files, -9/+9]
* X509_EXTENSION_get_critical(3) now takes a 'const ASN1_OBJECT *obj' and
  X509_EXTENSION_set_object(3) a 'const X509_EXTENSION *ex'. tested in a bulk build by sthen, ok jsing
  [tb, 2018-05-18, 2 files, -6/+7]
* Add const qualifiers to the X509_CRL *x and ASN1_OBJECT *obj arguments of
  X509_CRL_get_ext_count(3), X509_CRL_get_ext_by_NID(3), X509_CRL_get_ext_by_OBJ(3), X509_CRL_get_ext_by_critical(3), X509_CRL_get_ext(3), X509_CRL_get_ext_d2i(3). ok jsing
  [tb, 2018-05-18, 2 files, -16/+20]
* Add const qualifier to the argument of X509_get_issuer_name(3) and
  X509_get_subject_name(3). tested in a bulk build by sthen ok jsing (as part of a larger diff)
  [tb, 2018-05-13, 2 files, -6/+6]
* Add const qualifier to the ASN1_OBJECT * parameter of
  X509v3_get_ext_by_OBJ(3). tested in a bulk build by sthen ok jsing (as part of a larger diff)
  [tb, 2018-05-13, 2 files, -5/+5]
* Add a const qualifier to the ASN1_OBJECT * argument of the following:
  EVP_PKEY_get_attr_by_OBJ(3), X509at_get_attr_by_OBJ(3), X509at_get0_data_by_OBJ(3), X509_REQ_get_attr_by_OBJ(3) tested in a bulk by sthen ok beck (as part of a larger diff)
  [tb, 2018-05-13, 3 files, -12/+13]
* Convert a handful of X509_*() functions to take const as in OpenSSL.
  tested in a bulk by sthen ok jsing
  [tb, 2018-05-01, 3 files, -14/+15]
* Fix whitespace on a few lines to reduce noise in an upcoming diff.
  [tb, 2018-05-01, 1 file, -5/+5]
* Fail early if an X509_VERIFY_PARAM is poisoned - don't allow
  this to be "overridden" by the user supplied callback. ok jsing@
  [beck, 2018-04-08, 1 file, -8/+10]
* poison for X509_VERIFY_PARAM's
  Tighten up checks for various X509_VERIFY_PARAM functions, and allow for the verify param to be poisoned (precluding future successful cert validation) if the setting of host, ip, or email for certificate validation fails. (since many callers do not check the return code in the wild and blunder along anyway) Inspired by some discussions with Adam Langley. ok jsing@
  [beck, 2018-04-06, 3 files, -31/+54]
* Fix two bugs in X509_NAME_add_entry(3):
  (1) Evaluate the "set" argument, which says whether to create a new RDN or to prepend or append to an existing one, before reusing it for a different purpose, i.e. for the "set" field of the new X509_NAME_ENTRY structure.
  (2) When incrementing of some "set" fields is needed, increment the correct ones: All those to the right of the newly inserted entry, but not the one of that entry itself.
  These two bugs caused wrong results whenever using loc != -1, i.e. whenever inserting rather than appending entries, even when using set == 0 only, that is, even when using single-valued RDNs only.
  Both bugs have been continuously present since at least SSLeay-0.8.1 (released July 18, 1997) and the second one since at least SSLeay-0.8.0 (released June 25, 1997), so both are over twenty years old.
  I found these bugs by code inspection while trying to document the function X509_NAME_ENTRY_set(3), which is public, but undocumented in OpenSSL.
  OK beck@, jsing@
  [schwarze, 2018-04-04, 1 file, -7/+4]
* Call strlen() if name length provided is 0, like OpenSSL does.
  Issue notice by Christian Heimes <christian@python.org> ok deraadt@ jsing@
  [beck, 2018-03-22, 1 file, -1/+3]
* Provide X509_STORE_get_ex_new_index macro.
  [jsing, 2018-03-20, 1 file, -1/+5]
* Provide X509_STORE_get0_param()
  ok jsing
  [tb, 2018-03-17, 2 files, -2/+9]
* Provide X509_OBJECT_get_type(). Instead of the X509_LOOKUP_TYPE enum
  (which we don't have) it returns a plain int. ok jsing
  [tb, 2018-03-17, 2 files, -2/+9]
* Provide X509_NAME_ENTRY_set()
  ok jsing
  [tb, 2018-03-17, 2 files, -2/+9]
* Fix X509_get0_pubkey() - X509_get_pubkey() is a misnamed "get1" function,
  so call X509_PUBKEY_get0() instead. Spotted by schwarze@ while documenting.
  [jsing, 2018-03-17, 1 file, -2/+4]
* Provide X509_PUBKEY_get0() by splitting X509_PUBKEY_get() and turning it
  into a wrapper that calls X509_PUBKEY_get0() and up refs.
  [jsing, 2018-03-17, 1 file, -1/+2]
* Provide X509_REVOKED_dup().
  [jsing, 2018-03-17, 1 file, -1/+2]
* Provide X509_chain_up_ref().
  From BoringSSL.
  [jsing, 2018-02-22, 2 files, -2/+21]
* Provide X509_STORE_get0_objects(), X509_STORE_get_ex_data() and
  X509_STORE_set_ex_data().
  [jsing, 2018-02-22, 2 files, -2/+23]
* Provide X509_OBJECT_get0_X509() and X509_OBJECT_get0_X509_CRL().
  [jsing, 2018-02-22, 2 files, -3/+20]
* Provide X509_STORE_up_ref().
  [jsing, 2018-02-22, 2 files, -4/+13]
* Provide X509_STORE_CTX_get0_chain() and X509_STORE_CTX_get0_store().
  [jsing, 2018-02-22, 2 files, -4/+20]
* Provide X509_get0_tbs_sigalg().
  [jsing, 2018-02-22, 2 files, -3/+10]
* Provide X509_set1_notBefore() and X509_set1_notAfter().
  [jsing, 2018-02-22, 2 files, -2/+16]
* Provide X509_get0_pubkey().
  [jsing, 2018-02-22, 2 files, -4/+11]
* Provide X509_CRL_set1_lastUpdate() and X509_CRL_set1_nextUpdate().
  [jsing, 2018-02-22, 2 files, -2/+16]
* Provide X509_CRL_get0_extensions() and X509_CRL_get_signature_nid().
  [jsing, 2018-02-22, 1 file, -1/+5]
* Provide X509_CRL_up_ref().
  [jsing, 2018-02-22, 2 files, -2/+11]
* Provide X509_REQ_get_signature_nid().
  [jsing, 2018-02-22, 1 file, -1/+3]
* Provide X509_REVOKED_get0_extensions(), X509_REVOKED_get0_revocationDate()
  and X509_REVOKED_get0_serialNumber().
  [jsing, 2018-02-22, 2 files, -3/+24]
* Provide X509_NAME_get0_der().
  From OpenSSL.
  [jsing, 2018-02-20, 1 file, -1/+2]
* Provide X509_REQ_get0_signature()
  [jsing, 2018-02-20, 1 file, -1/+4]
* Provide X509_CRL_get0_{last,next}Update() and X509_CRL_get0_signature().
  [jsing, 2018-02-20, 1 file, -1/+6]
* Provide X509_get0_extensions() and X509_get0_signature()
  [jsing, 2018-02-17, 2 files, -3/+11]
* Provide X509_STORE_CTX_get0_{cert,untrusted}() and
  X509_STORE_CTX_set0_{trusted_stack,untrusted}().
  [jsing, 2018-02-14, 2 files, -3/+31]
* Provide X509_get{0,m}_not{Before,After}().
  [jsing, 2018-02-14, 2 files, -5/+37]
* Provide X509_get_signature_nid().
  [jsing, 2018-02-14, 1 file, -1/+3]
* Expose X509_VERIFY_PARAM_* functions that appeared in the OpenSSL 1.0.2
  API and are now in use by various libraries and applications.
  [jsing, 2018-02-10, 1 file, -1/+16]
* Please variable decl before code.
  [deraadt, 2017-12-09, 1 file, -2/+2]
* Make the symbol for ASN1_time_tm_clamp_notafter visible so libtls
  can get at it, so libtls can also deal with notafter's past the realm of 32 bit time in portable
  [beck, 2017-08-27, 1 file, -1/+3]
* Add ability to clamp a notafter to values representable in a 32 bit time_t
  This will only be used in portable. As noted, necessary to make us conformant to RFC 5280 4.1.2.5. ok jsing@ bcook@
  [beck, 2017-08-13, 1 file, -5/+21]
* Revert previous change that forced consistency between return value and
  error code, since this breaks the documented API. Under certain circumstances this will result in incorrect successful certificate verification (where a user supplied callback always returns 1, and later code checks the error code to potentially abort post verification)
  [beck, 2017-04-28, 1 file, -10/+2]
* revert previous accidental commit
  [beck, 2017-04-28, 1 file, -2/+10]
* *** empty log message ***
  [beck, 2017-04-28, 1 file, -10/+2]
* Kill leak introduced with refactor
  ok jsing@
  [beck, 2017-02-05, 1 file, -3/+6]
* Send the function codes from the error functions to the bit bucket,
  as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
  [beck, 2017-01-29, 15 files, -178/+98]