Activity for CMP for OpenSSL
-
David von Oheimb committed [67722f]
Project moved to https://github.com/mpeylo/cmpossl
-
Project moved to https://github.com/mpeylo/cmpossl
-
project moved to https://github.com/mpeylo/cmpossl
-
Home
-
Home
-
Home
-
clarified documentation of -verify_hostname, -verify_ip, -verify_email
-
added -san_critical option; re-arranged options for improved structuring and consistency
-
added default SAN inheritance from refernce cert unless new -san_nodefault option is set
-
added -san_dns and -san_ip options for adding Subject Alternative Names
-
improved doc w.r.t. -subject and -oldcert; renamed 'prevcert' variable to 'refcert'
-
added error if multiple sources of SAN; renamed 'oldcert' variable to 'prevcert'
-
fix recently introduced bug which did not allow empty -reqexts
-
added -policies and -policies_critical option; adding policy OID parse error to lib
-
refactoring: extracted crm_new() from CMP_certreq_new()
-
fixed use of password input in load_certs_autofmt()
-
fixed loading of client cert in load_certs_also_pkcs12()
-
updated issue #s, added checks, refactoring: moved and compacted CMP_pollReq_new()
-
fixed bug: policy and SAN extensions were only added if ctx->reqExtensions set
-
added OpenSSL 1.0.2 compatibility define for X509_CRL_get0_nextUpdate
-
(re)-added OpenSSL_add_all_algorithms() needed for SHA256 with OpenSSL 1.0.2
-
refactoring: got rid of complicated OPT_ITERATE macro in apps/cmp.c
-
refactoring: extracted transform_opts() from (large) setup_ctx()
-
refactoring: extracted setup_request_ctx() from (still very large) setup_ctx()
-
refactoring: extracted setup_verification_ctx() from setup_ctx(); improved error reporting
-
restored certConf cert error output, simplifying code around CMP_validate_cert_path()
-
refactoring: extracted setup_protection_ctx() from (large) setup_ctx()
-
generalizied load_certs_multifile() towards independent upstream submission
-
removed duplicate CLI options check w.r.t. -unprotectedrequests and protection credentials
-
minor generalization of load_untrusted(), renamining it to load_certs_multifile()
-
added warning if CRL in -crls has expired; fixed double free on error
-
enable to use further certs in -cert and -tls_cert as extraCerts/TLS client chain
-
refactoring: extracted (still large) setup_ssl_ctx() from (still huge) setup_ctx()
-
using passwords on loading certificates from p12 files not documented
-
Adapt openSSL coding style
-
Done
-
Martin Peylo modified ticket #48
Have CTX functions to get info relevant for transfer Callback
-
done
-
certConf callback should be able to override initial check results by lib
-
improved backport CRMF BPM code w.r.t. ASN1_INTEGER_get_uin64() for Linux with OpenSSL 1.0.2
-
improved compatibility of cert_acceptable() with OPENSSL_VERSION_NUMBER < 0x10100005L
-
very minor UI improvements
-
added forgotten backslashes to reformatted macro definition
-
cleanup of CMP_PKISTATUSINFO_snprint() now also displaying multiple PKIFailureInfo entries
-
improved adherence to OpenSSL coding guidelines w.r.t. 80 char limit
-
Martin Peylo committed [e4c189]
Backporting CRMF BPM code due to ASN1_INTEGER_get_uin64() only appearing in 0x10100001L
-
Martin Peylo committed [3923ba]
restored backward compatibility with <1.1.0 for internal #include in cmp_lib.c
-
Martin Peylo committed [62dcde]
simplified backport CRMF BPM code w.r.t. ASN1_INTEGER_get_uin64()
-
simplified backport CRMF BPM code w.r.t. ASN1_INTEGER_get_uin64()
-
restored backward compatibility with <1.1.0 for internal #include in cmp_lib.c
-
Martin Peylo committed [5bfe8f]
replaced _opts by _arg for consistency; replaced set1_transfer by set_transfer; improved docu
-
Martin Peylo committed [faf271]
Creating possiblity to convey options to transfer cb via ctx
-
replaced _opts by _arg for consistency; replaced set1_transfer by set_transfer; improved docu
-
reformatting etc. for adherence to OpenSSL coding guidelines for apps/cmp.c
-
Martin Peylo committed [56a787]
Backporting CRMF BPM code due to ASN1_INTEGER_get_uin64() only appearing in 0x10100001L
-
Martin Peylo committed [c13da1]
Creating possiblity to convey options to transfer cb via ctx
-
Martin Peylo committed [a29602]
Autogenerated Files
-
Validate and overwork how subject/alt/names are set in certreq_new()
-
re-enabled cert verify error output for certConf_cb() solving ERR_clear_error() issue
-
fix bug#47: renamed -storepass to -certpass, slightly improving its CLI documentation
-
removed wrongly remaining diagnostic info from cert_acceptable() when used before calling ERR_set_mark()
-
extended diagnostics of CMP_CERTREPMESSAGE_certResponse_get0() and CMP_POLLREPCONTENT_pollRep_get0()
-
The typical console output of the app is (at exit, after saving received certificates etc.): crypto/bio/bio_lib.c:122: OpenSSL internal error: refcount error Aborted (core dumped)
-
OpenSSL internal refcount error on BIO_free(ctx->tlsBIO)
-
Martin Peylo committed [c52f47]
fixed signed/unsigned conversion in read_PKIMESSAGE
-
Martin Peylo committed [1fdc6c]
fixed memory leak w.r.t. all_crls in setup_ctx()
-
Martin Peylo committed [c2ffb1]
simplified error handling of set1_aostr_else_random()
-
Martin Peylo committed [a0cd82]
Fixing double free
-
Martin Peylo committed [d42cc4]
fixed signed/unsigned conversion in write_PKIMESSAGE
-
simplified error handling of set1_aostr_else_random()
-
fixed signed/unsigned conversion in read_PKIMESSAGE
-
fixed memory leak w.r.t. all_crls in setup_ctx()
-
fixed signed/unsigned conversion in write_PKIMESSAGE
-
unified naming approach for functions setting callbacks
-
callback function parameters not documented
-
Richard Levitte committed [a064c6]
Make sure ./config passes options to ./Configure correctly
-
Rich Salz committed [cbe296]
Consistent formatting for sizeof(foo)
-
Matt Caswell committed [49ea0f]
extending afalg with aes-cbc-192/256, afalgtest.c also updated accordingly. comments from matt, Stephen considered
-
Richard Levitte committed [0a90a6]
In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto()
-
Rich Salz committed [a00cce]
key_A and key_B had 3 references, only 2 were freed.
-
Richard Levitte committed [b35bb3]
Update eng_fat.c
-
Matt Caswell committed [f47270]
Update CHANGES and NEWS for new release
-
Richard Levitte committed [e7a206]
Document how the configuration option 'reconf' works
-
Richard Levitte committed [178673]
Document the possibility for command line argument env assignments
-
Matt Caswell committed [7e8a5e]
make get_cipher_handle static
-
Ben Kaduk committed [b6306d]
Fix coverity-reported errors in ocspapitest
-
Andy Polyakov committed [793376]
crypto/x86_64cpuid.pl: suppress AVX512F flag on Skylake-X.
-
Andy Polyakov committed [7ff2fa]
modes/asm/ghashv8-armx.pl: implement 4x aggregate factor.
-
Matt Caswell committed [e84282]
Fix the buffer sizing in the fatalerrtest
-
Richard Levitte committed [99aeee]
Configure: die if there are other arguments with 'reconf'
-
Andy Polyakov committed [aa7bf3]
modes/asm/ghashv8-armx.pl: optimize modulo-scheduled loop.
-
Ben Kaduk committed [cb0912]
Wrap more of ocspapitest.c in OPENSSL_NO_OCSP
-
Matt Caswell committed [77d759]
test/bntest.c: add rsaz_1024_mul_avx2 regression test.
-
Matt Caswell committed [2894e9]
Fix bug in TLSv1.3 PSK processing
-
Matt Caswell committed [a3d7fd]
fix --strict-warnings
-
Richard Levitte committed [d68a0e]
Remove unicode characters from source
-
Matt Caswell committed [563066]
bn/asm/rsaz-avx2.pl: fix digit correction bug in rsaz_1024_mul_avx2.
-
Matt Caswell committed [97652f]
Add a test for CVE-2017-3737
-
Richard Levitte committed [89bea0]
Make it possible to add env var assignments as Configure options
-
Matt Caswell committed [0759f9]
Fix minor typo in comment in rsa_st