| Age | Commit message (Collapse) | Author |
|---|
|
|
|
The public API will be removed. This fixes its only consumer.
|
|
|
|
ok beck
|
|
The underlying API will be removed, so these commands have to go.
ok beck
|
|
|
|
|
|
|
|
Documentation on what the Microsoft-specific local machine keyset and the
cryptographic service provider are actually good for is hard to find. For
some reason (perhaps one million and two arguments for PKCS12_create() was
considered two too many) these hang off the EVP_PKEY in the attributes
member, which serves no other purpose.
Every use of EVP_PKEY (of which there are far too many) pays extra memory
taxes for this fringe use case. This complication is not worth it.
ok miod
|
|
|
|
This option allows to verify certs in a CMS object against additional
CRLs.
Ported from work by Tom Harrison from APNIC
OK tb@
|
|
Reduces diff in -portable
|
|
remove the re-arming in the handler. Better than using siginterrupt(),
and avoids the errno saving requirement in the handler also.
ok guenther millert
|
|
|
|
|
|
ok jsing
|
|
Google killed efforts to have SPKAC in html5 by zapping it from chrome
a decade ago. This effort doesn't look like it's going anywhere:
https://datatracker.ietf.org/doc/draft-leggett-spkac/
Unfortunately, PHP and Ruby still support NETSCAPE_SPKI, so we can't
kill that code, but I see no real reason we need to support this in our
openssl command. If the need should arise we can write a somewhat less
poor version of this.
ok jsing
|
|
This is very poorly written code and now the only consumer of some
public API that should not have survived the turn of the millenium.
ok jsing
|
|
of type 'volatile sig_atomic_t'
ok tb
|
|
ok jsing
|
|
suggested by jsing
|
|
ok job jsing
|
|
ok job jsing
|
|
partly checked by millert@
|
|
|
|
|
|
Well, it's a toolkit alright, and a terrible one at that, but TLS v1
(which is this beloved toolkit's name for TLS v1.0) is a thing firmly
from the past, so drop the v1.
|
|
CID 492603
|
|
The ts code is its own kind of special. I only sent this diff out to hear
beck squeal. This diff doesn't actually fix anything, apart from (maybe)
appeasing some obscure static analyzer. It is decidedly less bad than a
similar change in openssl's issue tracker.
ok beck
|
|
|
|
Noticed by Christian Andersen
|
|
This version of GOST is old and not anywhere close to compliant with
modern GOST standards. It is also very intrusive in libssl and
makes a mess everywhere. Efforts to entice a suitably minded anyone
to care about it have been unsuccessful.
At this point it is probably best to remove this, and if someone
ever showed up who truly needed a working version, it should be
a clean implementation from scratch, and have it use something
closer to the typical API in libcrypto so it would integrate less
painfully here.
This removes it from libssl in preparation for it's removal from
libcrypto with a future major bump
ok tb@
|
|
The ability to generate a new certificate is useful for testing and
experimentation with rechaining PKIs.
While there, alias '-key' to '-signkey' for compatibility.
with and OK tb@
|
|
The -set_issuer, -set_subject, and -force_pubkey features can be used to
'rechain' PKIs, for more information see https://labs.apnic.net/nro-ta/
and https://blog.apnic.net/2023/12/14/models-of-trust-for-the-rpki/
OK tb@
|
|
This undocumented, incomplete public function has never done anything
useful. It will be removed from libssl. Removing it from openssl(1)
clears the way for this.
ok jsing
|
|
ok jsing
|
|
This should allow us to constify a sizable table in libcrypto in an
upcoming bump.
|
|
We can call ASN1_item_unpack() which will end up stuffing the same
arguments into ASN1_item_d2i() as d2i_PBEPARAM(). This eliminates
the last struct access into X509_ALGOR outside libcrypto in the base
tree.
ok jsing
|
|
ok jsing
|
|
ASN1_time_parse() was useful while OpenSSL didn't have something sort of
equivalent, but now they do. Let's retire ASN1_time_parse() to internal.
This will require some patching in ports, but shrug.
ok beck
|
|
ok beck
|
|
|
|
This is uninteresting and rather meaningless except for the implementer.
No need to have several hundred lines of code backing half a dozen symbols
in the public API for this.
ok jsing
|
|
|
|
This is the only consumer of ERR_get_string_table(), which will go away.
ok jsing
|
|
|
|
While I'm here, change the no_ssl2 and no_ssl3 options to use
OPTION_DISCARD as well instead of continuing to set a no-op
option flag.
ok jsing@ tb@
|
|
ok tb@
|
|
This adds a few logic curlies to end up setting the EVP_MD to EVP_md_null()
as required by the API. This way ASN1_item_sign() now knows how to behave.
"ok = (rv == 2);" beck
|
|
After a few things in libcrypto were adjusted, this diff makes issuing
certificate requests with Ed25519 work.
ok beck
|
