| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Adjust x509_name_regress to the X509_NAME_print() fix in a_strex.c r1.38 | tb | 2 days | 1 | -15/+2 |
| | | |||||
| * | Add regress coverage for X509_NAME_oneline and X509_NAME_print | tb | 6 days | 2 | -1/+314 |
| | | |||||
| * | OpenSSL 1.1 is dead. Make this optionally use 3.3 instead. | tb | 2024-12-27 | 1 | -4/+4 |
| | | |||||
| * | Remove unwanted trailing newlines from err/warn format strings. | anton | 2024-08-23 | 5 | -10/+10 |
| | | |||||
| * | Add regress coverage for X509V3_get_d2i() | tb | 2024-06-17 | 1 | -1/+265 |
| | | |||||
| * | zap a stray space | tb | 2024-06-16 | 1 | -2/+2 |
| | | |||||
| * | Test that invalid operations push the X509V3_R_UNSUPPORTED_OPTION error | tb | 2024-05-28 | 1 | -1/+53 |
| | | |||||
| * | Add regress coverage for X509V3_add1_i2d() | tb | 2024-05-28 | 2 | -2/+605 |
| | | |||||
| * | rfc3779: remove redundant const. | tb | 2023-12-13 | 1 | -5/+5 |
| | | | | | | This is already included in the typedef (yuck) and makes some Windows compilers unhappy. | ||||
| * | constraints: \178 isn't a valid octal escape sequence | tb | 2023-12-13 | 1 | -2/+2 |
| | | |||||
| * | x509_asn1: avoid lookup table that makes some compilers whine | tb | 2023-12-13 | 1 | -59/+37 |
| | | |||||
| * | Add an empty line | tb | 2023-10-01 | 1 | -1/+2 |
| | | |||||
| * | Allow IP addresses to be specified in a URI. | beck | 2023-09-29 | 1 | -4/+50 |
| | | | | | | | | | | | | | Our checking here was a bit too aggressive, and did not permit an IP address in a URI. IP's in a URI are allowed for things like CRLdp's AIA, SAN URI's etc.). The check for this was also slightly flawed as we would permit an IP if memory allocation failed while checking for an IP. Correct both issues. ok tb@ | ||||
| * | Fix copy+paste error in x509 asn regress | job | 2023-06-05 | 1 | -3/+3 |
| | | |||||
| * | fix typo | tb | 2023-06-02 | 1 | -2/+2 |
| | | |||||
| * | Correct test that was pasto'ed incorrectly | beck | 2023-05-29 | 1 | -3/+7 |
| | | | | | This now tests what the comment says it does | ||||
| * | Make X509_NAME_get_text_by[NID|OBJ] safer. | beck | 2023-05-29 | 1 | -2/+77 |
| | | | | | | | | | | | | | | | | | This is an un-revert with nits of the previously landed change to do this which broke libtls. libtls has now been changed to not use this function. This change ensures that if something is returned it is "text" (UTF-8) and a C string not containing a NUL byte. Historically callers to this function assume the result is text and a C string however the OpenSSL version simply hands them the bytes from an ASN1_STRING and expects them to know bad things can happen which they almost universally do not check for. Partly inspired by goings on in boringssl. ok jsing@ tb@ | ||||
| * | Revert utf-8 fix for X509_NAME_get_index_by_NID to avoid libtls | beck | 2023-05-03 | 1 | -77/+2 |
| | | | | | | | | regress for the moment. this will come back after we rethink the failure versus not there case. ok tb@ jsing@ | ||||
| * | Change X509_NAME_get_index_by[NID|OBJ] to be safer. | beck | 2023-05-02 | 1 | -2/+77 |
| | | | | | | | | | | | | | | | | | | | | | | | Currently these functions return raw ASN1_STRING bytes as a C string and ignore the encoding in a "hold my beer I am a toolkit not a functioning API surely it's just for testing and you'd never send nasty bytes" kind of way. Sadly some callers seem to use them to fetch things liks subject name components for comparisons, and often just use the result as a C string. Instead, encode the resulting bytes as UTF-8 so it is something like "text", Add a failure case if the length provided is inadequate or if the resulting text would contain an nul byte. based on boringssl. nits by dlg@ ok tb@ | ||||
| * | Make warnings more precise | job | 2023-05-01 | 1 | -4/+4 |
| | | |||||
| * | x509_asn1: make this test pass again after reinstating DER preservation | tb | 2023-04-30 | 1 | -5/+5 |
| | | |||||
| * | Sort alphabetically | tb | 2023-04-30 | 1 | -2/+2 |
| | | |||||
| * | Remove unnecessary target | tb | 2023-04-30 | 1 | -4/+1 |
| | | |||||
| * | policy test: simplify Makefile | tb | 2023-04-30 | 1 | -9/+2 |
| | | |||||
| * | Free all libcrypto global state memory before returning | job | 2023-04-28 | 1 | -1/+3 |
| | | | | | Found with the help of Otto's malloc memory leak detector! | ||||
| * | Return a non-zero error exit code on any DER cache discrepancies | job | 2023-04-28 | 1 | -3/+3 |
| | | |||||
| * | Fix leaks reported by ASAN | tb | 2023-04-28 | 1 | -5/+1 |
| | | | | | debugged with job | ||||
| * | Enable policy checking by default now that we are DAG implementation based. | beck | 2023-04-28 | 1 | -1/+12 |
| | | | | | | | | This ensures that we will no longer silently ignore a certificate with a critical policy extention by default. ok tb@ | ||||
| * | The policy test is no longer expected to fail | tb | 2023-04-28 | 1 | -2/+1 |
| | | |||||
| * | Rearrange freeing of memory in the regress test | job | 2023-04-28 | 1 | -13/+9 |
| | | |||||
| * | make the policy test compile on sparc64 | tb | 2023-04-28 | 1 | -5/+6 |
| | | |||||
| * | Add X509_REQ_add_extensions and to X509_REQ_add1_attr to DER cache test | job | 2023-04-28 | 1 | -1/+139 |
| | | | | | | These new tests won't bubble up a non-zero error exit code because other libcrypto bits still need to land first. | ||||
| * | Hook up the the x509 policy regression tests to x509 regress. | beck | 2023-04-28 | 2 | -3/+4 |
| | | | | | | | | | | These were adapted from BoringSSL's regress tests for x509 policy. They are currently marked as expected to fail as we have not enabled LIBRESSL_HAS_POLICY_DAG by default yet, and the old tree based policy code from OpenSSL is special. These tests pass when we build with LIBRESSL_HAS_POLICY_DAG. | ||||
| * | Fix copyright, convert boringssl comments to C style | beck | 2023-04-28 | 1 | -30/+51 |
| | | |||||
| * | KNF | beck | 2023-04-28 | 1 | -17/+15 |
| | | | | | ok knfmt | ||||
| * | remove unused code. | beck | 2023-04-28 | 1 | -82/+7 |
| | | |||||
| * | remove debugging printf | beck | 2023-04-28 | 1 | -2/+1 |
| | | |||||
| * | This test should not have V_EXPLICIT_POLICY set. with this | beck | 2023-04-28 | 1 | -3/+1 |
| | | | | | corrected we pass | ||||
| * | Add the rest of the boringssl policy unit tests. | beck | 2023-04-28 | 1 | -4/+223 |
| | | | | | | We currently still fail two of these, looks like one more bug in extracting the depth for require policy from the certificate.. | ||||
| * | correct test cases to add expected errors. | beck | 2023-04-27 | 1 | -2/+30 |
| | | |||||
| * | Start of an x509 policy regress test. test cases from BoringSSL. | beck | 2023-04-27 | 29 | -0/+801 |
| | | | | | | | Still a work in progress adapting tests from boringssl x509_test.cc but dropping in here for tb to be able to look at and run as well since the new stuff still has bugs. | ||||
| * | Add test for invalidation of DER cache for X509_CRL_* setter functions | job | 2023-04-26 | 1 | -15/+171 |
| | | | | | | The program won't exit with a non-zero exit code if X509_CRL_set_* tests fail, as the relevant bits haven't been committed to libcrypto yet. | ||||
| * | Clean up X509 memory before exit | job | 2023-04-26 | 1 | -1/+4 |
| | | |||||
| * | Add lookup name+function pointer table for improved diagnostics | job | 2023-04-26 | 1 | -4/+29 |
| | | | | | OK tb@ | ||||
| * | Parameter names are not needed | job | 2023-04-26 | 1 | -4/+4 |
| | | |||||
| * | Remove unneeded parentheses | job | 2023-04-26 | 1 | -4/+4 |
| | | |||||
| * | No need to pass around const pointer cpder2 | job | 2023-04-26 | 1 | -18/+16 |
| | | | | | Suggested by tb@ | ||||
| * | Shrink signature as cpder is only needed as local variable | job | 2023-04-26 | 1 | -14/+15 |
| | | | | | Suggested by tb@ | ||||
| * | Replace macros with functions | job | 2023-04-26 | 1 | -99/+115 |
| | | | | | Requested by tb@ | ||||
| * | Rename dercache regress test to x509_asn1 | job | 2023-04-26 | 2 | -5/+5 |
| | | | | | Requested by jsing@ | ||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |