path: root/src/lib/libcrypto
Commit message | Author | Age | Files | Lines
...
* Fix ASN1_TIME_diff() with NULL times | tb | 2021-11-03 | 1 | -3/+18
  The ASN1_TIME_diff() API accepts NULL ASN1_TIMEs and interprets them as "now". This is used in sysutils/monit, as found by semarie with a crash after update.
  Implement this behavior by porting a version of ASN1_TIME_to_tm() to LibreSSL and using it in ASN1_TIME_diff().
  Tested by semarie
  ok beck jsing semarie
* Some cleanup in X509_REQ_get_extensions(3), no functional change. | schwarze | 2021-11-03 | 1 | -10/+6
  In this function, merge everything that is worth merging from the OpenSSL 1.1.1 branch, which is still under a free license, mostly the relevant part of commit 9b0a4531 Mar 14 23:48:47 2015 +0000 to use X509_ATTRIBUTE_get0_type(3) rather than re-implementing it.
  While here,
  * use d2i_X509_EXTENSIONS(3) rather than ASN1_item_d2i(3);
  * test pointers explicitly against NULL, not with '!', as suggested by tb@;
  * drop some useless parentheses as suggested by tb@.
  OK tb@
* Fix two bugs in X509_REQ_add_extensions_nid(3) | schwarze | 2021-11-03 | 1 | -32/+13
  that I noticed while documenting the function:
  * missing return value check for ASN1_item_i2d(3) and
  * missing return value check for OBJ_nid2obj(3).
  In the function X509_REQ_add_extensions_nid(3), merge everything that is worth merging from the OpenSSL 1.1.1 branch, which is still under a free license; that's mostly parts of the commit 9b0a4531 Mar 14 23:48:47 2015 +0000 (containing the bugfix, even though the OpenSSL commit message did not mention the bugs) and some minor stylistic changes from 0f113f3e and 26a7d938.
  While here, use i2d_X509_EXTENSIONS(3) instead of the layer-violating call to ASN1_item_i2d(3), and include a few stylistic tweaks from tb@.
  OK tb@, and jsing@ agreed on the general direction.
* Move the now internal X.509-related structs into x509_lcl.h. | tb | 2021-11-01 | 72 | -451/+521
  Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and fix a couple of unnecessary reacharounds.
  ok jsing
* In X509_STORE_CTX_get_obj_from_subject() rename X509_OBJECT from | tb | 2021-11-01 | 1 | -6/+6
  the generic 'ret' to 'obj' in X509.
  Requested by jsing
* Unifdef LIBRESSL_NEW_API. Now that the library is bumped, this is | tb | 2021-11-01 | 10 | -55/+9
  no longer needed.
  ok jsing
* Enable RFC 3779 code. | tb | 2021-10-31 | 1 | -1/+1
  From job. Discussed at length with beck, claudio, job during h2k21
* Hide struct internals under LIBRESSL_CRYPTO_INTERNAL so that other | tb | 2021-10-31 | 3 | -19/+19
  parts of LibreSSL can no longer reach into them.
  discussed with beck, jsing
* Bump majors after struct visibility changes, symbol removal and symbol | tb | 2021-10-31 | 1 | -1/+1
  addition.
* Update Symbols.list for new API and API removal/renaming | tb | 2021-10-31 | 1 | -10/+33
* Expose new API in headers and make X509 structs opaque. | tb | 2021-10-31 | 1 | -0/+3
* Remove the unused X509_OBJECTS struct. | tb | 2021-10-31 | 1 | -8/+1
  ok beck jsing
* Remove the unused X509_CERT_PAIR struct and the associated API. | tb | 2021-10-31 | 4 | -99/+4
  ok beck jsing
* Remove the unused X509_CERT_FILE_CTX struct. | tb | 2021-10-31 | 1 | -9/+1
  ok beck jsing
* Prepare to provide X509_STORE_CTX_get_obj_by_subject(), a wrapper | tb | 2021-10-31 | 2 | -2/+22
  around X509_STORE_get_by_subject() that eliminates the need of allocating an object on the heap by hand.
  ok beck inoguchi jsing
* Switch various X509 API to use the new X509_LOOKUP_TYPE to match | tb | 2021-10-31 | 2 | -29/+32
  OpenSSL's signatures.
  ok beck inoguchi jsing
* Provide the X509_LOOKUP_TYPE enum. | tb | 2021-10-31 | 1 | -6/+6
  Remove the now unused X509_LU_{RETRY,FAIL,PKEY}.
  ok beck inoguchi jsing
* Prepare definitions X509_STORE_set_verify{,_cb}_func() that work with | tb | 2021-10-31 | 1 | -3/+8
  opaque structs.
  ok beck inoguchi jsing
* Prepare to make various structs in x509_vfy.h opaque. | tb | 2021-10-31 | 1 | -26/+37
  ok beck inoguchi jsing
* new manual page X509_CRL_METHOD_new(3) | schwarze | 2021-10-30 | 6 | -14/+245
  documenting five functions to customize CRL handling
* In x509/x509_purp.c rev. 1.11, tb@ fixed X509_check_purpose(3) | schwarze | 2021-10-29 | 1 | -8/+18
  to fail if parsing of a certificate extension failed. Adjust the documentation accordingly.
  OK tb@
* Actually error in X509_check_purpose() if x509v3_cache_extensions() | tb | 2021-10-29 | 1 | -2/+2
  indicates failure. The previous "error return" X509_V_ERR_UNSPECIFIED translates to 1, i.e., success. This changes to the intended behavior of x509_purp.c r1.3 and matches OpenSSL. This will need various adjustments in the documentation.
  ok jsing
* document the horrifying function X509_TRUST_set_default(3) | schwarze | 2021-10-29 | 1 | -3/+43
* document X509_EXTENSION_dup(3); | schwarze | 2021-10-29 | 1 | -8/+20
  while here, add the missing const qualifier to the obj argument of X509_EXTENSION_create_by_OBJ(3) and correct a typo in the argument name of X509_EXTENSION_get_data(3)
* new manual page X509_REQ_print_ex(3), | schwarze | 2021-10-29 | 4 | -6/+184
  also documenting X509_REQ_print(3) and X509_REQ_print_fp(3)
* document X509_REQ_to_X509(3) | schwarze | 2021-10-28 | 1 | -7/+38
* unwrap a line | tb | 2021-10-28 | 1 | -3/+2
* document X509_to_X509_REQ(3) | schwarze | 2021-10-28 | 1 | -4/+26
* sort | tb | 2021-10-28 | 1 | -2/+2
* Mechanical KNF in preparation for changing | beck | 2021-10-28 | 12 | -1583/+1653
* Add headers normally contained in include/openssl, verbatim from 1.1.1 | beck | 2021-10-28 | 2 | -0/+554
* Import Certificate Transparency verbatim from OpenSSL 1.1.1 | beck | 2021-10-28 | 13 | -0/+2321
  This is not yet hooked up and will not compile. Follow on commits will KNF and then make it build.
  ok jsing@ tb@
* Bring back r1.3, ok beck | tb | 2021-10-28 | 1 | -3/+47
  Original commit message from beck:
  Validate Subject Alternate Names when they are being added to certificates.
  With this change we will reject adding SAN DNS, EMAIL, and IP addresses that are malformed at certificate creation time.
  ok jsing@ tb@
* new manual page X509_REQ_add_extensions(3) | schwarze | 2021-10-27 | 4 | -4/+148
  documenting six functions for extensions in certification requests
* add some .Xrs involving recently added pages | schwarze | 2021-10-27 | 7 | -15/+22
* minor tweaks to wording and punctuation, | schwarze | 2021-10-27 | 1 | -10/+19
  and add .Xrs to relevant objects
* Minor tweaks: | schwarze | 2021-10-27 | 1 | -9/+12
  * Say "number of bytes" instead of "length of bytes".
  * Remove mention of a BUGS section that exists neither here nor in OpenSSL.
  * List all authors who contributed Copyright-worthy amounts of text.
  * Remove years from the Copyright line that saw no non-trivial changes.
  * Add the year 2014: that's when Emilia wrote the i2d_re_X509_tbs() text.
  * Improve merge comments.
* Revert version 1.3 - not allowing the creation of bogus certificates | beck | 2021-10-27 | 1 | -47/+3
  breaks the ruby regression tests that expect to make bogus certificates and see that they are rejected :(
  I am reverting this for now to make the regress tests pass, and will bring it back if we decide to patch the regress tests to remove the problem cases
* Fix to correctly parse the 'to' time into the to_tm | beck | 2021-10-27 | 1 | -2/+2
* Add ASN1_TIME_diff from OpenSSL. | beck | 2021-10-27 | 4 | -5/+106
  The symbol is not yet exposed and will show up with tb@'s forthcoming bump
  ok tb@ jsing@
* Merge documentation for i2d_re_X509*_tbs(3) from OpenSSL 1.1 | tb | 2021-10-26 | 1 | -4/+67
* spelling fixes; | jmc | 2021-10-26 | 2 | -4/+4
* install X509_get_extension_flags.3 and X509_SIG_get0.3 | tb | 2021-10-26 | 1 | -1/+3
* Remove a line documenting that X509_get_X509_PUBKEY(3) is missing | tb | 2021-10-26 | 1 | -2/+1
  discussed with schwarze
* Document X509_get0_pubkey.3 | tb | 2021-10-26 | 1 | -3/+14
* Document new signature of X509_get_X509_PUBKEY() and remove claim | tb | 2021-10-26 | 1 | -5/+3
  that the API is implemented as a macro. This will change in an upcoming bump.
* Add tlsfeature NID | job | 2021-10-26 | 2 | -0/+2
  OK beck@ tb@
* Add RFC 3779 checks to both legacy and new verifier | job | 2021-10-26 | 2 | -2/+20
  OK beck@
* new manual page X509_REQ_add1_attr(3) documenting nine functions | schwarze | 2021-10-26 | 6 | -8/+199
  for X.501 Attributes in PKCS#10 certification requests
* correct a wrong function name below RETURN VALUES | schwarze | 2021-10-26 | 1 | -3/+3