|  | Commit message | Author | Age | Files | Lines | 
|---|
| | X509_LOOKUP_METHODs because these objects are now opaque.
Simplify the documentation accordingly, shortening it by
about 35 input lines in total, but continue providing the
information which RETURN VALUES functions might return with
other implementations of the library.
OK tb@ | 
| | changed the return type of X509_OBJECT_get_type(3) and argument
types of X509_LOOKUP_by_subject(3), X509_LOOKUP_by_issuer_serial(3),
X509_LOOKUP_by_fingerprint(3), X509_LOOKUP_by_alias(3),
X509_OBJECT_idx_by_subject(3), X509_OBJECT_retrieve_by_subject(3),
and X509_STORE_get_by_subject(3) from int to X509_LOOKUP_TYPE, and
in rev. 1.42, he provided X509_STORE_CTX_get_obj_by_subject(3).
Adjust the documentation.
Joint work with and OK tb@. | 
| | because some third party application code uses them.
List the full names (even though they are long)
such that they can be found with "man -k Dv=...". | 
| | that are related to this page but intentionally undocumented,
to better support grepping the source directory for function names. | 
| | also documenting X509_policy_tree_get0_user_policies(3) | 
| | and various style improvements from the OpenSSL 1.1.1 branch,
which is still under a free license.
- No need to #include <openssl/lhash.h>.
- BUF_MEM_free(3) and sk_pop_free(3) can handle NULL.
- sk_value(3) can handle -1.
- Test pointers with "== NULL" rather than with "!".
- Use the safer "p = malloc(sizeof(*p))" idiom.
- return is not a function.
- Delete very wrong commented out code.
Including parts of these commits from the 2015 to 2018 time range:
25aaa98a b4faea50 90945fa3 f32b0abe 26a7d938 7fcdbd83 208056b2 5b37fef0
Requested by and OK tb@. | 
| | and/or CRLs in the PEM input file (for example, if the file
is empty), provide an error message in addition to returning 0.
This merges another part of this OpenSSL commit,
which is still under a free license:
  commit c0452248ea1a59a41023a4765ef7d9825e80a62b
  Author: Rich Salz <rsalz@openssl.org>
  Date:   Thu Apr 20 15:33:42 2017 -0400
I did *not* add the similar message types X509_R_NO_CERTIFICATE_FOUND
and X509_R_NO_CRL_FOUND because both code inspection and testing
have shown that the code generating them is unreachable.
OK tb@ | 
| | which is still under a free license.  No functional change.
- No need to #include <openssl/lhash.h> here.
- return is not a function.
- Do not use the pointless macro BIO_s_file_internal().
- No need to check for NULL before X509_CRL_free(3).
This includes parts of the following OpenSSL commits from
the 2015 to 2017 timeframe: 222561fe, 9982cbbb, f32b0abe, 26a7d938
OK tb@ | 
| | under a free license:
1. If the three X509_load_*(3) functions are called with a NULL
file argument, do not return 1 to the caller because the return
value 1 means "I loaded one certificate or CRL into the store".
2. When calling PEM load functions, do not ask the user for a
password in an interactive manner.
This includes parts of the following commits:
  commit   c0452248ea1a59a41023a4765ef7d9825e80a62b
  Author:  Rich Salz <rsalz@openssl.org>
  Date:    Thu Apr 20 15:33:42 2017 -0400
  Message: [...] Remove NULL checks and allow a segv to occur. [...]
  commit   db854bb14a7010712cfc02861731399b1b587474
  Author:  Bernd Edlinger <bernd.edlinger@hotmail.de>
  Date:    Mon Aug 7 18:02:53 2017 +0200
  Message: Avoid surpising password dialog in X509 file lookup.
OK tb@ | 
| | ok tb@ | 
| | out of X509_LOOKUP_hash_dir(3) because both groups of functions
differ substantially in purpose and structure.
Rewrite the complete text of X509_load_cert_file(3) from scratch
for correctness and clarity.
This fixes several documentation errors:
1. The names of the constants were wrong, lacking the "X509_" prefix.
2. None of these functions support X509_FILETYPE_DEFAULT,
neither in OpenSSL nor in LibreSSL.
3. The memory cache does not contain X509_STORE objects;
instead, the X509_STORE object *is* the memory cache. | 
| | draft-ietf-sidrops-aspa-profile
OK tb@ | 
| | ok tb@ | 
| | While here, improve some argument names, improve ordering of the
material, and mention the meaning of negative and of large arguments, | 
| | ok gnezdo jsing | 
| | ok jsing | 
| | ASN1_item_digest(3), ASN1_item_sign(3), and ASN1_item_verify(3) | 
| | While here, put descriptions right after the prototypes they describe.
No content change. | 
| | Get rid of the last X509_OBJECT_free_contents() call by moving the object
from the stack to the heap. I deliberately kept the obj variable to keep
obj and pobj separate.  Rename the out parameter from issuer to out_issuer
to ensure that we only assign it when we have acquired a reference that we
can return. Add a new X509 *issuer. In the first part of the function,
acquire an extra reference before check_issuer/check_time.
In the second part of the function, acquire a reference inside the lock to
avoid a race.  Deal with ret only in one place.
ok jsing | 
| | x509_check_cert_time(). Matches a change made in OpenSSL 70dd3c65.
ok jsing | 
| | Split the retrieval of the certs in the store's cache that match the
desired subject into a separate function. This greatly simplifies
locking, error handling and the flow of the function.
with/ok jsing | 
| | These functions are quite messy. On top of the tricky logic querying the
cache, then refreshing the cache (unconditionally or not), then querying
again, then extracting a list of certs/crls and bumping their refcounts,
things are intermixed with locking and needlessly early allocations that
then need to be cleaned up again.
Use X509_STORE_CTX_get_obj_by_subject() to avoid using an object on the
stack and defer allocation of the returned stack of certs to later.
Flatten the logic a bit and prepare for further refactoring.
ok jsing | 
| | Add a X509_STORE_add_object() function that adds an X509 object to the
store and takes care of locking and cleaning up. This way we can set up
an X509_OBJECT for both the cert and CRL case and hand over to the new
function.
There is one intentional change of behavior: if there is an attempt to
add an object which is already present in the store, succeed instead of
throwing an error. This makes sense and is also the OpenSSL behavior.
As pointed out by jsing, this is a partial fix for the long standing
GH issue #100 on libtls where connections would fail if the store
contains duplicate certificates.
Also: remove the internal X509_OBJECT_dec_ref_count(), which is no
longer used.
ok jsing | 
| | simplify the flow of X509_add_lookup().
ok jsing | 
| | ok jsing | 
| | the unused cache member of X509_STORE.
ok jsing | 
| | Check for allocation failures and if one happens push an error on
the stack and clean up using X509_STORE_free().
ok jsing | 
| | ok jsing | 
| | callbacks are called.
ok jsing | 
| | Switch from malloc() to calloc() and drop a bunch of initializations
to 0.  Call the returned object lu instead of the generic ret.
ok jsing | 
| | Both these are essentially unused. Remove the last use of data.ptr
by initializing and copying the X509_OBJECT using memset() and
struct assignment in X509_STORE_CTX_get_subject_by_name() and add
a missing error check for X509_OBJECT_up_ref_count() while there.
ok beck | 
| | Replace sha1 hash use with sha512 for certificate comparisons internal
to the library. use the cached sha512 for the validator's verification
cache.
Reduces our recomputation of hashes, and heavy use of time1 time
conversion functions noticed by claudio@ in rpki client.
ok jsing@ tb@ | 
| | * memory leak in X509_set_subject_name(ret, X509_NAME_dup(xn));
* memory leak in X509_set_issuer_name(ret, X509_NAME_dup(xn));
* memory leak in X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
* missing return value check of X509_REQ_get_pubkey(r);
* missing return value check of X509_set_pubkey(...);
Some of these bugs have survived for twenty-five years.
I noticed the first two bugs while documenting the function,
then found that a commit in the OpenSSL 1.1.1 branch, which is
still under a free license, fixed all of them in 2016.
In the function X509_REQ_to_X509(3), merge everything worth merging
from OpenSSL 1.1.1, in particular the relevant parts of:
* 222561fe Apr 30 17:33:59 2015 -0400 (err: label cleanup)
* 0517538d Mar 17 00:15:48 2016 +0100 (the bugfix)
* c5137473 Apr 3  23:37:32 2016 +0200 (code simplification)
While here, delete some commented out code that is wrong in
multiple ways and untouched since the SSLeay era.
One code tweak for readability by tb@, and OK tb@. | 
| | The ASN1_TIME_diff() API accepts NULL ASN1_TIMEs and interprets them
as "now". This is used in sysutils/monit, as found by semarie with a
crash after update. Implement this behavior by porting a version of
ASN1_TIME_to_tm() to LibreSSL and using it in ASN1_TIME_diff().
Tested by semarie
ok beck jsing semarie | 
| | In this function, merge everything that is worth merging
from the OpenSSL 1.1.1 branch, which is still under a free license,
mostly the relevant part of commit 9b0a4531 Mar 14 23:48:47 2015 +0000
to use X509_ATTRIBUTE_get0_type(3) rather than re-implementing it.
While here,
* use d2i_X509_EXTENSIONS(3) rather than ASN1_item_d2i(3);
* test pointers explicitly against NULL, not with '!', as suggested by tb@;
* drop some useless parentheses as suggested by tb@.
OK tb@ | 
| | Related to the bugfixes in x509_req.c rev. 1.25.
OK tb@. | 
| | that I noticed while documenting the function:
* missing return value check for ASN1_item_i2d(3) and
* missing return value check for OBJ_nid2obj(3).
In the function X509_REQ_add_extensions_nid(3), merge everything
that is worth merging from the OpenSSL 1.1.1 branch, which is still
under a free license; that's mostly parts of the commit 9b0a4531
Mar 14 23:48:47 2015 +0000 (containing the bugfix, even though the
OpenSSL commit message did not mention the bugs) and some minor
stylistic changes from 0f113f3e and 26a7d938.
While here, use i2d_X509_EXTENSIONS(3) instead of the layer-violating
call to ASN1_item_i2d(3), and include a few stylistic tweaks from tb@.
OK tb@, and jsing@ agreed on the general direction. | 
| | Found the hard way by sthen.
ok sthen | 
| | Garbage collect the now unused LIBRESSL_CRYPTO_INTERNAL and
LIBRESSL_OPAQUE_X509. Include "x509_lcl.h" where needed and
fix a couple of unnecessary reacharounds.
ok jsing | 
| | the generic 'ret' to obj' in X509.
Requested by jsing | 
| | ok inoguchi@ tb@ | 
| | Also adjust for the changes to tlsext_sni_is_valid_hostname() and include
tests for IPv4 and IPv6 literals.
ok beck@ | 
| | For some time now we've validated the hostname provided to the server in
the SNI extension. Per RFC 6066, an IP literal is invalid as a hostname -
the current code rejects IPv6 literals, but allows IPv4 literals through.
Improve this check to explicitly detect both IPv4 and IPv6 literals. Some
software has been historically known to include IP literals in SNI, so
rather than rejecting this outright (and failing with a decode error),
pretend that the SNI extension does not exist (such that we do not break
some older clients).
ok inoguchi@ tb@ |