- 28 3月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
verified structure can contain its own CRLs (such as PKCS#7 signedData). Tidy up some of the verify code.
-
- 06 3月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in CRL issuer certificates. Reject CRLs with unhandled (any) critical extensions.
-
- 01 10月, 2003 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 04 6月, 2003 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 10 12月, 2002 1 次提交
-
-
由 Richard Levitte 提交于
PR: 393
-
- 28 11月, 2002 1 次提交
-
-
由 Richard Levitte 提交于
I've covered all the memset()s I felt safe modifying, but may have missed some.
-
- 18 11月, 2002 1 次提交
-
-
由 Richard Levitte 提交于
Epoch. offset isn't such a measurement, so let's stop pretend it is.
-
- 23 2月, 2002 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 21 10月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reject certificates with unhandled critical extensions.
-
- 02 9月, 2001 1 次提交
-
-
由 Geoff Thorpe 提交于
See the commit log message for that for more information. NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented (initialisation by "memset" won't/can't/doesn't work). This fixes that but requires that X509_STORE_CTX_init() be able to handle errors - so its prototype has been changed to return 'int' rather than 'void'. All uses of that function throughout the source code have been tracked down and adjusted.
-
- 13 8月, 2001 1 次提交
-
-
由 Geoff Thorpe 提交于
setting stack (actually, array) values in ex_data. So only increment the global counters if the underlying CRYPTO_get_ex_new_index() call succeeds. This change doesn't make "ex_data" right (see the comment at the head of ex_data.c to know why), but at least makes the source code marginally less frustrating.
-
- 30 7月, 2001 1 次提交
-
-
由 Lutz Jänicke 提交于
-
- 09 5月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
inherited from X509_STORE. Add CRL checking options to other applications.
-
- 08 5月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Initial CRL based revocation checking.
-
- 20 2月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. I've checked fairly well that nothing breaks with this (apart from external software that will adapt if they have used something like NO_KRB5), but I can't guarantee it completely, so a review of this change would be a good thing.
-
- 28 1月, 2001 1 次提交
-
-
由 Bodo Möller 提交于
-
- 20 1月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 16 12月, 2000 1 次提交
-
-
由 Bodo Möller 提交于
-
- 23 9月, 2000 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Only use the new informational verify codes if we specifically ask for them. Fix typo in docs.
-
- 06 9月, 2000 5 次提交
-
-
由 Bodo Möller 提交于
add some whitespace for 'if ()', 'for ()', 'while ()' to distinguish keywords from function names, and finally remove parens around return values (why be stingy with whitespace but fill the source code with an abundance of parentheses that are not needed to structure expressions for readability?).
-
由 Bodo Möller 提交于
usually get a space between keyword and opening paranthesis so that they don't look like function calls, where no space is used.
-
由 Bodo Möller 提交于
-
由 Dr. Stephen Henson 提交于
Add support for settable verify time in X509_verify_cert(). Document rsautl utility.
-
由 Dr. Stephen Henson 提交于
The old code was painfully primitive and couldn't handle distinct certificates using the same subject name. The new code performs several tests on a candidate issuer certificate based on certificate extensions. It also adds several callbacks to X509_VERIFY_CTX so its behaviour can be customised. Unfortunately some hackery was needed to persuade X509_STORE to tolerate this. This should go away when X509_STORE is replaced, sometime... This must have broken something though :-(
-
- 22 8月, 2000 1 次提交
-
-
由 Dr. Stephen Henson 提交于
initialize ex_pathlen to -1 so it isn't checked if pathlen is not present. set ucert to NULL in apps/pkcs12.c otherwise it gets freed twice. remove extraneous '\r' in MIME encoder. Allow a NULL to be passed to X509_gmtime_adj() Make PKCS#7 code use definite length encoding rather then the indefinite stuff it used previously.
-
- 26 7月, 2000 1 次提交
-
-
由 Dr. Stephen Henson 提交于
ASN1_TIME fixes. New function c2i_ASN1_OBJECT().
-
- 02 6月, 2000 1 次提交
-
-
由 Richard Levitte 提交于
like Malloc, Realloc and especially Free conflict with already existing names on some operating systems or other packages. That is reason enough to change the names of the OpenSSL memory allocation macros to something that has a better chance of being unique, like prepending them with OPENSSL_. This change includes all the name changes needed throughout all C files.
-
- 07 3月, 2000 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 02 3月, 2000 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix bug which would free up a public key twice if the verify callback tried to continue after a signature failure.
-
- 26 2月, 2000 2 次提交
-
-
由 Bodo Möller 提交于
where the new functions are mentioned.
-
由 Dr. Stephen Henson 提交于
-
- 12 2月, 2000 1 次提交
-
-
由 Ben Laurie 提交于
-
- 31 1月, 2000 1 次提交
-
-
由 Ulf Möller 提交于
eliminate some of the -Wcast-qual warnings (debug-ben-strict target)
-
- 24 1月, 2000 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Tidy up CRYPTO_EX_DATA structures.
-
- 09 1月, 2000 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Remove references to 'TXT' in -inform and -outform switches.
-
- 30 11月, 1999 1 次提交
-
-
由 Dr. Stephen Henson 提交于
SSL_CTX and SSL, functions to set them and defaults if no values set.
-
- 29 11月, 1999 1 次提交
-
-
由 Dr. Stephen Henson 提交于
yet. Add a function X509_STORE_CTX_purpose_inherit() which implements the logic of "inheriting" purpose and trust from a parent structure and using a default: this will be used in the SSL code and possibly future S/MIME. Partial documentation of the 'verify' utility. Still need to document how all the extension checking works and the various error messages.
-
- 28 11月, 1999 1 次提交
-
-
由 Dr. Stephen Henson 提交于
trust settings of the root CA. After a few fixes it seems to work OK. Still need to add support to SSL and S/MIME code though.
-
- 24 11月, 1999 1 次提交
-
-
由 Dr. Stephen Henson 提交于
at present. However nothing enables it yet so this doesn't matter :-)
-
- 17 11月, 1999 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-