Dr. Stephen Henson [Fri, 29 Jan 1999 23:34:19 +0000 (23:34 +0000)]
New program 'nseq' added to apps to allow Netscape certificate sequences to
be pulled apart and built.
Dr. Stephen Henson [Fri, 29 Jan 1999 01:53:55 +0000 (01:53 +0000)]
Allow the -certfile argument to be used multiple times in crl2pkcs7.
Also fix typos in the usage messages: "inout" instead of "input".
Ralf S. Engelschall [Thu, 28 Jan 1999 14:50:10 +0000 (14:50 +0000)]
Fill in more contents for the openssl(1) manpage.
Ralf S. Engelschall [Thu, 28 Jan 1999 14:48:31 +0000 (14:48 +0000)]
One more incorrect name in usage page
Ralf S. Engelschall [Thu, 28 Jan 1999 14:44:08 +0000 (14:44 +0000)]
Fix names in usage page of s_time, s_server and s_client
Mark J. Cox [Thu, 28 Jan 1999 10:40:38 +0000 (10:40 +0000)]
Fixes to BN code. Previously the default was to define BN_RECURSION
but the BN code had some problems that would cause failures when
doing certificate verification and some other functions.
Submitted by: Eric A Young from a C2Net version of SSLeay
Reviewed by: Mark J Cox
PR:
Dr. Stephen Henson [Thu, 28 Jan 1999 00:34:42 +0000 (00:34 +0000)]
Remember to add the new file this time :-)
Dr. Stephen Henson [Thu, 28 Jan 1999 00:16:44 +0000 (00:16 +0000)]
Add ASN1 code for netscape certificate sequences.
Dr. Stephen Henson [Tue, 26 Jan 1999 23:13:14 +0000 (23:13 +0000)]
Add a few extended key usage OIDs.
Dr. Stephen Henson [Tue, 26 Jan 1999 01:19:27 +0000 (01:19 +0000)]
Still more X509 V3 stuff. Modify ca.c to work with the new code and modify
openssl.cnf for the new syntax.
Ben Laurie [Mon, 25 Jan 1999 21:36:51 +0000 (21:36 +0000)]
Oops. One header too many.
Ben Laurie [Mon, 25 Jan 1999 21:25:54 +0000 (21:25 +0000)]
Update dependencies.
Ben Laurie [Mon, 25 Jan 1999 21:20:57 +0000 (21:20 +0000)]
Declare correctly on FreeBSD.
Ben Laurie [Mon, 25 Jan 1999 21:19:12 +0000 (21:19 +0000)]
Reduce header dependencies.
Dr. Stephen Henson [Mon, 25 Jan 1999 01:09:21 +0000 (01:09 +0000)]
More X509 V3 stuff. Add support for extensions in the 'req' application
so that: openssl req -x509 -new -out cert.pem
will take extensions from openssl.cnf a sample for a CA is included.
Also change the directory order so pem is nearer the end. Otherwise 'make links'
wont work because pem.h can't be built.
Dr. Stephen Henson [Sun, 24 Jan 1999 20:58:44 +0000 (20:58 +0000)]
Add file x509v3.err.
Ben Laurie [Sun, 24 Jan 1999 18:15:00 +0000 (18:15 +0000)]
Make sure people know when they need to rebuild the Makefile.
Ben Laurie [Sun, 24 Jan 1999 17:54:23 +0000 (17:54 +0000)]
Minor constification.
Dr. Stephen Henson [Sun, 24 Jan 1999 17:50:32 +0000 (17:50 +0000)]
Continuing adding X509 V3 support. This starts to integrate the code with
the main library, but only with printing at present. To see this try:
openssl x509 -in cert.pem -text
on a certificate with some extensions in it.
Dr. Stephen Henson [Sun, 24 Jan 1999 00:50:01 +0000 (00:50 +0000)]
Initial addition of new X509 V3 files, tidy of old files.
Ralf S. Engelschall [Thu, 21 Jan 1999 13:01:20 +0000 (13:01 +0000)]
Start keeping track of wishes people make on our mailing lists to make sure we
don't forget them and this way we have them bundled together.
Ben Laurie [Thu, 21 Jan 1999 11:46:01 +0000 (11:46 +0000)]
Correct bracketing error.
Dr. Stephen Henson [Wed, 20 Jan 1999 00:14:40 +0000 (00:14 +0000)]
Continued patches so certificates and CRLs now can support and use
GeneralizedTime.
Ben Laurie [Tue, 19 Jan 1999 23:25:22 +0000 (23:25 +0000)]
This time, get it right.
Ben Laurie [Tue, 19 Jan 1999 21:36:31 +0000 (21:36 +0000)]
Finally lay dependencies to rest (I hope!).
Ben Laurie [Tue, 19 Jan 1999 19:18:20 +0000 (19:18 +0000)]
Spelling mistake.
Dr. Stephen Henson [Mon, 18 Jan 1999 22:19:46 +0000 (22:19 +0000)]
This is the result of a "make errors" with the new error building functionality
in place.
Dr. Stephen Henson [Mon, 18 Jan 1999 22:18:38 +0000 (22:18 +0000)]
New err_code.pl script to retain old error codes. This should allow the use
of 'make errors' without causing huge re-organisations of files when a new
code is added.
Ben Laurie [Sun, 17 Jan 1999 16:28:06 +0000 (16:28 +0000)]
Ignore auto-generated programs.
Ben Laurie [Sun, 17 Jan 1999 16:27:15 +0000 (16:27 +0000)]
Dispose of generated programs.
Ben Laurie [Sun, 17 Jan 1999 16:26:24 +0000 (16:26 +0000)]
Fix major cockup with short keys in CAST-128.
Dr. Stephen Henson [Sun, 17 Jan 1999 15:10:33 +0000 (15:10 +0000)]
Update CHANGES for GeneralizedTime info.
Ben Laurie [Sun, 17 Jan 1999 14:20:20 +0000 (14:20 +0000)]
Correct Linux 1 recognition.
Contributed by: Ulf Möller <ulf@fitug.de>
Ben Laurie [Sun, 17 Jan 1999 14:19:31 +0000 (14:19 +0000)]
Oops. Missing NULL frees.
Ben Laurie [Sun, 17 Jan 1999 14:14:41 +0000 (14:14 +0000)]
Remove pointless MD5 hash.
Contributed by: Anonymous <nobody@replay.com>
Ben Laurie [Sun, 17 Jan 1999 14:10:08 +0000 (14:10 +0000)]
Generate an error on an invalid directory.
Dr. Stephen Henson [Sun, 17 Jan 1999 00:13:14 +0000 (00:13 +0000)]
Time to blow up the source tree :-) This is the beginning of support for
GeneralizedTime. At several points PKIX specifies that GeneralizedTime can be
used but OpenSSL doesn't currently support it. This patch adds several files
and a bunch of functions.
Of interest is the ASN1_TIME structure and its related functions. At several
points certificates, CRLs et al specify that a time can be expressed as a
choice of UTCTime and GeneralizedTime. Currently OpenSSL interprets this
(wrongly) as UTCTime because GeneralizedTime isn't supported. The ASN1_TIME
stuff provides this functionality.
Still todo is to trace which cert and CRL points need an ASN1_TIME and modify
the utilities appropriately and of course fix all the bugs.
Note new OpenSSL copyright in the new file a_time.c. I didn't put it in
a_gentm.c because it is a minimally modified form a_utctm.c .
Since this adds new files and error codes you will need to do a 'make errors'
at the top level to add the new codes.
Ben Laurie [Sat, 16 Jan 1999 18:46:23 +0000 (18:46 +0000)]
More prototypes.
Ben Laurie [Sat, 16 Jan 1999 17:56:00 +0000 (17:56 +0000)]
More prototypes.
Ben Laurie [Sat, 16 Jan 1999 17:49:12 +0000 (17:49 +0000)]
More prototypes.
Ben Laurie [Sat, 16 Jan 1999 17:40:04 +0000 (17:40 +0000)]
More prototypes.
Ben Laurie [Sat, 16 Jan 1999 17:28:15 +0000 (17:28 +0000)]
More prototypes.
Ben Laurie [Sat, 16 Jan 1999 17:12:36 +0000 (17:12 +0000)]
More prototypes.
Dr. Stephen Henson [Thu, 14 Jan 1999 18:25:07 +0000 (18:25 +0000)]
Fix parameters to dummy function BN_ref_mod_exp().
Dr. Stephen Henson [Thu, 14 Jan 1999 18:21:57 +0000 (18:21 +0000)]
Submitted by: Neil Costigan <neil.costigan@celocom.com>
PR:
Dr. Stephen Henson [Tue, 12 Jan 1999 18:40:33 +0000 (18:40 +0000)]
Fix OBJ_txt2nid(): old function was broken when input used the "dot" form, e.g.
1.2.3.4 . Also added new function OBJ_txt2obj().
Ben Laurie [Sun, 10 Jan 1999 20:36:02 +0000 (20:36 +0000)]
Add prototype, fix parameter passing bug.
Ben Laurie [Sun, 10 Jan 1999 19:41:33 +0000 (19:41 +0000)]
Fix comment.
Ben Laurie [Sat, 9 Jan 1999 19:15:59 +0000 (19:15 +0000)]
Sort openssl functions by name.
Dr. Stephen Henson [Sat, 9 Jan 1999 17:29:34 +0000 (17:29 +0000)]
Fix the gendsa program and add it to the app list. The progs.h file is
auto generated but not auto updated so it is included. Also remove the
encryption from the sample DSA keys.
Ben Laurie [Sat, 9 Jan 1999 13:01:35 +0000 (13:01 +0000)]
Get rid of redundant files.
Ben Laurie [Thu, 7 Jan 1999 19:15:59 +0000 (19:15 +0000)]
Accept NULL in *_free.
Ben Laurie [Thu, 7 Jan 1999 00:37:01 +0000 (00:37 +0000)]
Fix DH key generation.
Contributed by: Anonymous <nobody@replay.com>
Ben Laurie [Thu, 7 Jan 1999 00:16:37 +0000 (00:16 +0000)]
Send the right CAs to the client.
Ben Laurie [Thu, 7 Jan 1999 00:10:32 +0000 (00:10 +0000)]
Fix numeric -newkey args.
Contributed by: Bodo Moeller <3moeller@informatik.uni-hamburg.de>
Ben Laurie [Wed, 6 Jan 1999 23:18:08 +0000 (23:18 +0000)]
Fix export tests.
Ben Laurie [Wed, 6 Jan 1999 22:53:34 +0000 (22:53 +0000)]
Make the world a safer place (if people object to this kind of change, speak up
soon - I intend to do a lot of it!).
Dr. Stephen Henson [Wed, 6 Jan 1999 01:41:21 +0000 (01:41 +0000)]
Oops! update CHANGES file properly.
Dr. Stephen Henson [Wed, 6 Jan 1999 01:39:24 +0000 (01:39 +0000)]
Fix things so DH_free() will be no-op when passed NULL, like RSA_free() and
DSA_free(): this was causing crashes when for example an attempt was made
to handle a (currently) unsupported DH public key. Also X509_PUBKEY_set()i
wasn't checking errors from d2i_PublicKey().
Ben Laurie [Mon, 4 Jan 1999 21:43:32 +0000 (21:43 +0000)]
Free the right thing.
Ben Laurie [Mon, 4 Jan 1999 21:39:34 +0000 (21:39 +0000)]
Only free if it ain't NULL.
Ben Laurie [Mon, 4 Jan 1999 20:11:31 +0000 (20:11 +0000)]
Remove the bugfix that was really a bug.
Submitted by: Arne Ansper <arne@ats.cyber.ee>
Ben Laurie [Mon, 4 Jan 1999 19:55:12 +0000 (19:55 +0000)]
Pass on BIO_CTRL_FLUSH.
Submitted by: Arne Ansper <arne@ats.cyber.ee>
Paul C. Sutton [Mon, 4 Jan 1999 09:58:25 +0000 (09:58 +0000)]
The dir is named util/ and better to explicitly call the
perl interpreter because not everyone has it in /usr/local/bin/perl.
Dr. Stephen Henson [Sun, 3 Jan 1999 23:00:45 +0000 (23:00 +0000)]
More EVP_PKEY patches for new functionality.
Ralf S. Engelschall [Sun, 3 Jan 1999 15:31:11 +0000 (15:31 +0000)]
Make sure the already existing X509_STORE->depth variable is initialized
in X509_STORE_new(), but document the fact that this variable is still
unused in the certificate verification process.
Ralf S. Engelschall [Sun, 3 Jan 1999 14:58:44 +0000 (14:58 +0000)]
The dir is named util/ and better to explicitly call the
perl interpreter because not everyone has it in /usr/local/bin/perl.
Ralf S. Engelschall [Sun, 3 Jan 1999 13:17:47 +0000 (13:17 +0000)]
More .cvsignore stuff to make CVS quiet on our generated files.
Dr. Stephen Henson [Sun, 3 Jan 1999 02:15:34 +0000 (02:15 +0000)]
Remove one EVP_PKEY_free() that shouldn't be there.
Dr. Stephen Henson [Sun, 3 Jan 1999 01:08:33 +0000 (01:08 +0000)]
Make sure applications free up pkey structures and add netscape extension
handling to x509.c
Ben Laurie [Sat, 2 Jan 1999 19:04:27 +0000 (19:04 +0000)]
Fix reference counting.
Ben Laurie [Sat, 2 Jan 1999 19:03:46 +0000 (19:03 +0000)]
Don't confuse matters by using the wrong library.
Ben Laurie [Sat, 2 Jan 1999 19:01:41 +0000 (19:01 +0000)]
Fix tests for ssleay -> openssl.
Ralf S. Engelschall [Sat, 2 Jan 1999 16:28:51 +0000 (16:28 +0000)]
A few train of thoughts about the build procedure mess
Paul C. Sutton [Sat, 2 Jan 1999 16:02:24 +0000 (16:02 +0000)]
Update scripts to use "openssl" instead of "ssleay"
Paul C. Sutton [Sat, 2 Jan 1999 15:53:22 +0000 (15:53 +0000)]
Reflect change from "ssleay" to "openssl" as the main binary name.
Also document "sh config" as an easier alternative to "./Configure
system".
Paul C. Sutton [Sat, 2 Jan 1999 15:52:11 +0000 (15:52 +0000)]
Various ssleay to openssl fixups
Paul C. Sutton [Sat, 2 Jan 1999 15:08:29 +0000 (15:08 +0000)]
Binary is now apps/openssl not apps/ssleay so use the new name when
rehashing the test certs
Paul C. Sutton [Sat, 2 Jan 1999 15:05:08 +0000 (15:05 +0000)]
A couple more ssleay.cnf to openssl.cnf changes
Paul C. Sutton [Sat, 2 Jan 1999 14:42:23 +0000 (14:42 +0000)]
Some more changes for renaming the binary from ssleay to openssl.
I wonder what eay.c is?
Ralf S. Engelschall [Sat, 2 Jan 1999 12:59:33 +0000 (12:59 +0000)]
First cut of a cleanup for apps/. First the `ssleay' program is now named
`openssl' and second, the shortcut symlinks for the `openssl <command>' are no
longer created. This way we have a single and consistent command line
interface `openssl <command>', similar to `cvs <command>'.
Notice, the openssl.cnf, openssl.c and progs.pl files were changed after a
repository copy, i.e. they still contain the complete file history.
Ralf S. Engelschall [Sat, 2 Jan 1999 12:10:43 +0000 (12:10 +0000)]
Make GCC happy by removing an unused variable defintion.
Dr. Stephen Henson [Sat, 2 Jan 1999 01:53:06 +0000 (01:53 +0000)]
Move DSA test in ca.c inside #ifdef and make pubkey BIT STRING always have
zero unused bits.
Dr. Stephen Henson [Fri, 1 Jan 1999 18:43:44 +0000 (18:43 +0000)]
Add extended key usage OID and update STATUS file.
Ralf S. Engelschall [Fri, 1 Jan 1999 15:58:14 +0000 (15:58 +0000)]
cleanup of apps/ and an answer
Paul C. Sutton [Fri, 1 Jan 1999 14:17:55 +0000 (14:17 +0000)]
ssldir.pl did not correctly set the directory in utils/mk1mk.pl when
perl5 was used.
Paul C. Sutton [Fri, 1 Jan 1999 14:13:59 +0000 (14:13 +0000)]
Add votes
Paul C. Sutton [Fri, 1 Jan 1999 14:04:07 +0000 (14:04 +0000)]
Make the installation documentation easier to follow.
Paul C. Sutton [Fri, 1 Jan 1999 12:51:11 +0000 (12:51 +0000)]
Makefiles updated to exit if an error occurs in a sub-directory make
(including if user presses ^C)
stephen [Fri, 1 Jan 1999 00:54:48 +0000 (00:54 +0000)]
This is a quick hack conversion of the 'CA.sh' script to perl. It fixes one
bug in the original but is otherwise just as horrible :-)
Ralf S. Engelschall [Thu, 31 Dec 1998 21:51:27 +0000 (21:51 +0000)]
Remove more old temporary files from CVS
Ben Laurie [Thu, 31 Dec 1998 17:11:46 +0000 (17:11 +0000)]
Document recent changes.
Ben Laurie [Thu, 31 Dec 1998 17:08:34 +0000 (17:08 +0000)]
Fix name delete problem.
Ben Laurie [Thu, 31 Dec 1998 16:50:03 +0000 (16:50 +0000)]
Fix pem/err ordering.
Ralf S. Engelschall [Thu, 31 Dec 1998 12:52:23 +0000 (12:52 +0000)]
A hint about the license
Ralf S. Engelschall [Thu, 31 Dec 1998 12:14:27 +0000 (12:14 +0000)]
Some issues for voting
Ralf S. Engelschall [Thu, 31 Dec 1998 11:18:15 +0000 (11:18 +0000)]
More structuring and sorting of the SSL API documentation.
And the first steps to descriptions in prosa.
Ralf S. Engelschall [Thu, 31 Dec 1998 10:33:17 +0000 (10:33 +0000)]
Puhhh... now we've documented the prototypes of all 214 API "functions". This
is a pain to do, because of the various macro definitions which I had to
expand manually to get their prototype :-(
What's now needed is a volunteer who wants to write down one or two sentences
per API function to document it a little bit...
Ralf S. Engelschall [Thu, 31 Dec 1998 09:36:40 +0000 (09:36 +0000)]
Fix version stuff:
1. The already released version was 0.9.1c and not 0.9.1b
2. The next release should be 0.9.2 and not 0.9.1d, because
first the changes are already too large, second we should avoid any more
0.9.1x confusions and third, the Apache version semantics of
VERSION.REVISION.PATCHLEVEL for the version string is reasonable (and here
.2 is already just a patchlevel and not major change).
tVS: ----------------------------------------------------------------------
stephen [Thu, 31 Dec 1998 01:35:07 +0000 (01:35 +0000)]
Update CHANGES file for latest additions