summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/ca.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* snprintf/vsnprintf return < 0 on error, rather than -1.deraadt2019-07-031-2/+2
|
* Indent labels with a single space so that diff prototypes are more useful.jsing2018-02-071-12/+12
|
* simplify startdate/enddate validationbeck2017-05-081-27/+5
| | | | ok jsing@
* Fix the ca command so that certs it generates have RFC5280 conformant time.beck2017-05-041-16/+56
| | | | Problem noticed by Harald Dunkel <harald.dunkel@aixigo.de>
* rearrange pledge promises into the canonical order; easier to eyeballderaadt2017-01-201-2/+2
|
* We don't need any VMS access tricks.deraadt2016-08-311-27/+4
| | | | ok beck tedu
* buf[][] with strange use all over the place is ridiculous, especiallyderaadt2016-08-301-15/+14
| | | | | if buf[1] is never used. ok guenther beck
* more e-mail -> emailmmcc2015-12-241-2/+2
|
* Exit if a pledge call fails in non-interactive mode.doug2015-10-171-2/+4
| | | | ok semarie@
* add "tty" for several subcommands of opensslsemarie2015-10-171-2/+2
| | | | | | | | | | | it is needed in order to let libssl UI_* function plays with echo on/off when asking for password on terminal. passwd subcommand needs additionnal "wpath cpath" in order to let it calls fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC). problem reported by several with and ok doug@
* Initial support for pledges in openssl(1) commands.doug2015-10-101-1/+6
| | | | | | | | | | | | | | | | openssl(1) has two mechanisms for operating: either a single execution of one command (looking at argv[0] or argv[1]) or as an interactive session than may execute any number of commands. We already have a top level pledge that should cover all commands and that's what interactive mode must continue using. However, we can tighten up the pledges when only executing one command. This is an initial stab at support and may contain regressions. Most commands only need "stdio rpath wpath cpath". The pledges could be further restricted by evaluating the situation after parsing options. deraadt@ and beck@ are roughly fine with this approach.
* add a couple of missing NULL checksbcook2015-09-211-3/+3
| | | | noted by Bill Parker (dogbert2) on github
* remove vestigial bits of sha-0 and md2 from openssl(1)bcook2015-09-211-2/+2
| | | | | | | | Noted by kinichiro on github. We probably need a better way to indicate the list of message digests that are allowed, as the current ones are nowhere near exhaustive (sigh - guenther@) OK guenther@ jmc@
* Nuke SSLEAY_CONF -- a backwards compatibility environment variable thatlteo2015-09-121-3/+1
| | | | | | | | | | has been superseded by OPENSSL_CONF and discouraged from use for almost 16 years. "Definately ok" jsing@ "burn it" deraadt@ "Kill it with fire" miod@ "KILL IT WITH FIRE!!! BURN!!!!" beck@
* fix unchecked mallocs - coverity 130454 and 130455beck2015-09-111-6/+15
| | | | ok jsing@
* Remove engine command and parameters from openssl(1).bcook2015-09-111-27/+9
| | | | | | | We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@
* Correct spelling of OPENSSL_cleanse.jsing2015-09-101-2/+2
|
* Remove unused defines. No binary change.lteo2015-09-101-6/+1
| | | | ok deraadt@ miod@
* Remove all duplicate prototypes for *_main functions (these are alreadyjsing2015-08-221-3/+1
| | | | | | | | | provided by progs.h). Also, move the FUNCTION type (and flags) into openssl.c since that is the only place of use. Lastly, remove pointless 'extern' from the prototypes and use char **argv instead of char *argv[] (the former is used elsewhere). ok deraadt@ doug@
* Revert ca.c r1.7 - BN_to_ASN1_INTEGER() only allocates an ASN.1 integerjsing2015-07-221-6/+2
| | | | | | | | | when it is not passed a reference to one. In this case, it is passed a reference to an ASN.1 integer that is part of the X509 ASN.1 data structure. Freeing this causes bad things to happen, since it is used and then freed later on. Found the hard way by kinichiro inoguchi.
* Free memory when finished.doug2015-07-191-2/+6
| | | | | | Fixes coverity 78835. ok bcook@
* Remove effectively unused variable.doug2015-07-191-4/+1
| | | | | | Fixes Coverity issue 21693. ok beck@ bcook@
* Delete commented out code from openssl(1) apps.doug2015-02-081-13/+1
| | | | | | | | | | From OpenSSL commits: 6f91b017bbb7140f816721141ac156d1b828a6b3 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 a2b18e657ea1a932d125154f4e13ab2258796d90 ok miod@, jsing@
* Modify BSIZE to BUFLEN to avoid redefinition on HP-UX.bcook2015-02-071-3/+3
| | | | | | | | | | HP-UX defines BSIZE in its <sys/param.h>, and there is a route where its getting included as a side-effect. I tracked back to at least from HP-UX 9.0 ca. 1993, up to the latest, so the user namespace is polluted. from kinichiro <kinichiro.inoguchi@gmail.com> ok miod@, jsing@
* Enable -Wshadow in openssl(1) and fix a few shadow warnings.doug2014-09-011-7/+7
| | | | ok jsing@
* openssl_setup() calls SSL_load_error_strings(), which happens to calljsing2014-08-281-2/+1
| | | | | ERR_load_crypto_strings() - as such, we do not need to call the same function from most of the applications.
* Move openssl(1) from /usr/sbin/openssl to /usr/bin/openssl, since it is notjsing2014-08-261-0/+2743
a system/superuser binary. At the same time, move the source code from its current lib/libssl/src/apps location to a more appropriate home under usr.bin/openssl. ok deraadt@ miod@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 08:24:08 +0000