| Age | Commit message (Collapse) | Author |
|---|
|
version.
ok beck@ doug@
|
|
return code of a function in a man page. Let's remove the ambiguity and
half truths in here.
ok jsing@
|
|
and X509_verify_cert - We at least make it so an an init'ed ctx is not
"valid" until X509_verify_cert has actually been called, And we make it
impossible to return success without having the error set to ERR_V_OK.
ok jsing@
|
|
when we went to alternate cert chains. this correctly does not clobber
the ctx->error when using an alt chain.
ok jsing@
|
|
in the context. don't look for errors in case of success.
fixes spurious verify errors.
guilty change tracked and fix tested by sthen
|
|
the extern declaration of __got_{start,end}.
ok guenther@
|
|
- print/sort using the full certificate subject rather than a pretty-printed
subset (as done in the current version of format-pem.pl); previously this was
resulting in a problem where a CN conflict resulted in the GlobalSign R2 CA
accidentally getting dropped in r1.10; problem found by Steven McDonald
- remove CA certificates that are no longer present in the CA store of the
release branch of Mozilla - possible now that libressl has support for
alternate chains (libcrypto/x509/x509_vfy.c r1.52)
- add new CA certificates from Mozilla's store from those organisations
which we already list
|
|
ok doug@
|
|
protocol version range.
This also fixes a bug whereby if all protocols were disabled, the client
would still use TLSv1.2 in the client hello, only to have if fail with
unsupported version when it received and processed the server hello.
ok doug@
|
|
LIBRESSL_INTERNAL.
|
|
|
|
assembly.
|
|
assembly. Of particular interest is ASN1_ITEM_ptr which does nothing
and resulted in code like:
if (method->it)
ASN1_ITEM_free(..., ASN1_ITEM_ptr(method->it));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defines - do not rely on another heading making those available for us.
|
|
|
|
|
|
Both functions are listed in <openssl/asn1.h>
and in OpenSSL doc/man3/d2i_X509.pod.
After reading the code, i'm not amused. You wouldn't think that
it might take eight stack levels to decode a constant sixteen bit
value that does not even allow a single content octet, or would
you? Nota bene, this is an average of four stack levels for each
non-zero bit decoded... :-(
|
|
commit 67adf0a7c273a82901ce8705ae8d71ee2f1c959c
Author: Markus Triska <triska@metalevel.at>
Date: Sun Dec 25 19:58:38 2016 +0100
|
|
encoding functions from scratch. All 46 functions are listed
in OpenSSL doc/man3/d2i_X509.pod.
|
|
|
|
|
|
both listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
|
|
d2i_X509_REVOKED(3), and i2d_X509_CRL_INFO(3), all listed in
<openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
|
|
Use simpler standard wordings.
Add X.509 references.
|
|
|
|
Improve the one-line description.
Use the standard wordings in some places.
Complete the RETURN VALUES section.
|
|
from scratch. All six functions are listed in <openssl/x509.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
|
in this page - but do include documentation for immediate
subobjects that are used nowhere else. All six functions
listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
|
|
Improve .Nd.
Sort functions.
Use the same parameter names as in ASN1_item_d2i(3).
Point to ASN1_item_d2i(3) for all he details.
Delete all the information that's now in ASN1_item_d2i(3).
Add missing entries to the RETURN VALUES section.
Add STANDARDS section.
|
|
Also document d2i_PKCS8_bio(3), i2d_PKCS8_bio(3), d2i_PKCS8_fp(3),
and i2d_PKCS8_fp(3) while here, listed in <openssl/x509.h>
and in OpenSSL doc/man3/d2i_X509.pod.
No, these functions have nothing to do with the many other d2i_PKCS8*(3)
functions all around, and nothing with PKCS#8 at all in the first place.
Read the BUGS section. I couldn't make this stuff up.
|
|
with i2d_PKCS8PrivateKeyInfo_bio(3).
While here, polish the cross references.
|
|
listed in <openssl/x509.h> and in OpenSSL doc/man3/d2i_X509.pod.
These functions are very similar to i2d_PrivateKey(3) but very
different from i2d_PKCS8PrivateKey_bio(3), that's why they go into
this manual page and not into the other one. When the naming was
decided, somebody clearly considered too briefly or too long.
|
|
These six function are listed in <openssl/x509.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
|
from scratch. All these functions are listed in <openssl/ocsp.h>
and in OpenSSL doc/man3/d2i_X509.pod.
|
|
from scratch. All functions listed in <openssl/ts.h>
and in OpenSSL doc/man3/s2i_X509.pod.
|
|
|
|
|
|
preprocessor output, excluding line numbers and newlines.
|
|
preprocesssor output.
|
|
nothing but markers for utils/mkstack.pl... and we removed the code that
generated more macros from these markers in 2014.
|
|
|
|
|
