This allows multiple entries without a subject even if unique_subject == yes.
Referred to OpenSSL commit 5af88441 and arranged for our codebase.
ok tb@
|
Referred to OpenSSL commit 4881d849 and arranged for our codebase.
comment and ok from tb@
|
Referred to OpenSSL commit a8d8e06b and arranged for our codebase.
comment and ok from tb@
|
Referred to OpenSSL commit 2cedf794 and arranged for our codebase.
ok tb@
|
suggested from tb@
|
ok tb@
|
suggested from tb@ for do_updatedb(),
and applied the same for do_body() and do_revoke().
|
comments from tb@
|
suggested from tb@
|
pointed out by tb@
|
Some functions are used without verifying the return value in openssl(1) ca.
This diff adds checking for the function return value.
With this diff, I changed the return value of write_new_certificate from void
to int to return the condition to the caller.
ok and comments from tb@
|
missed with r1.32
|
input from jsing@
|
New option handling for openssl(1) ca.
This diff is just replacing with new option handling, no functional change.
I'm using the word DN or RDN in description as manual uses them, rather than
replacing with "Distinguished Name" or "Relative Distinguished Name".
I would like to add the other fixes below in follow-up diffs.
- remove space between '*' and pointer variable
- wrap 80+ long lines
- explicitly check pointer variable if it is NULL or not
comments and ok from jsing@
|
ok jsing@
|
Problem noticed by Harald Dunkel <harald.dunkel@aixigo.de>
|
ok beck tedu
|
if buf[1] is never used.
ok guenther beck
|
ok semarie@
|
it is needed in order to let libssl UI_* functions play with echo on/off when
asking for password on terminal.
passwd subcommand needs additional "wpath cpath" in order to let it call
fopen("/dev/tty", "w") (O_WRONLY with O_CREAT | O_TRUNC).
problem reported by several
with and ok doug@
|
openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session that may execute any number of commands.
We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using. However, we can
tighten up the pledges when only executing one command.
This is an initial stab at support and may contain regressions. Most
commands only need "stdio rpath wpath cpath". The pledges could be
further restricted by evaluating the situation after parsing options.
deraadt@ and beck@ are roughly fine with this approach.
|
noted by Bill Parker (dogbert2) on github
|
Noted by kinichiro on github. We probably need a better way to indicate the
list of message digests that are allowed, as the current ones are nowhere near
exhaustive (sigh - guenther@)
OK guenther@ jmc@
|
has been superseded by OPENSSL_CONF and discouraged from use for almost
16 years.
"Definitely ok" jsing@
"burn it" deraadt@
"Kill it with fire" miod@
"KILL IT WITH FIRE!!! BURN!!!!" beck@
|
ok jsing@
|
We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.
ok jsing@
|
ok deraadt@ miod@
|
provided by progs.h). Also, move the FUNCTION type (and flags) into
openssl.c since that is the only place of use. Lastly, remove pointless
'extern' from the prototypes and use char **argv instead of char *argv[]
(the former is used elsewhere).
ok deraadt@ doug@
|
when it is not passed a reference to one. In this case, it is passed a
reference to an ASN.1 integer that is part of the X509 ASN.1 data
structure. Freeing this causes bad things to happen, since it is used and
then freed later on.
Found the hard way by kinichiro inoguchi.
|
Fixes coverity 78835.
ok bcook@
|
Fixes Coverity issue 21693.
ok beck@ bcook@
|
From OpenSSL commits:
6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90
ok miod@, jsing@
|
HP-UX defines BSIZE in its <sys/param.h>, and there is a route where it's
getting included as a side-effect. I tracked back to at least from HP-UX 9.0
ca. 1993, up to the latest, so the user namespace is polluted.
from kinichiro <kinichiro.inoguchi@gmail.com>
ok miod@, jsing@
|
ok jsing@
|
ERR_load_crypto_strings() - as such, we do not need to call the same
function from most of the applications.
|
a system/superuser binary. At the same time, move the source code from its
current lib/libssl/src/apps location to a more appropriate home under
usr.bin/openssl.
ok deraadt@ miod@