summaryrefslogtreecommitdiff
path: root/apps/lib
Commit message (Collapse)AuthorAgeFilesLines
* Update copyright yearMatt Caswell2020-04-233-3/+3
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
* Update comment on crls_http_cb() as it does support non-blocking I/O since ↵Dr. David von Oheimb2020-04-201-3/+2
| | | | | | | | #10667 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11273)
* GOST2012 TLS ClientCertificateType Identifiers supportNikolay Morozov2020-04-181-1/+1
| | | | | | | | | For GOST2012-GOST8912-GOST8912 IANA introduce ClientCertificateType Identifiers https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-2 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11558)
* Move legacy ciphers into the legacy providerShane Lontis2020-04-091-0/+23
| | | | | | | | | | | DES, idea, seed, rc2, rc4, rc5, cast and blowfish have been moved out of the default provider. Code shared between desx and tdes has been moved into a seperate file (cipher_tdes_common.c). 3 test recipes failed due to using app/openssl calls that used legacy ciphers. These calls have been updated to supply both the default and legacy providers. Fixed openssl app '-provider' memory leak Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11419)
* Chunk 10 of CMP contribution to OpenSSL: CMP http client and related testsDr. David von Oheimb2020-04-021-5/+5
| | | | | | | | | | | | | Also improve the generic HTTP client w.r.t. proxy and no_proxy options. Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11404)
* Constify various mostly X509-related parameter types in crypto/ and apps/Dr. David von Oheimb2020-03-231-2/+3
| | | | | | | | | in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *, also some result types of new functions, which does not break compatibility Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10504)
* APPS: Add ctrl_str()-like functionality for X509 and X509_REQRichard Levitte2020-03-152-1/+135
| | | | | | | | | | | | | This should really be part of libcrypto, but since this looks like added legacy support, it's preferable to keep it in apps for now. This allows to build functions that add user given verification options to X509 and X509_REQ structures. Fixes #11293 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11302)
* cmdline app: add provider commandline options.Pauli2020-03-072-1/+52
| | | | | | | | | | Add a -provider option to allow providers to be loaded. This option can be specified multiple times. Add a -provider_path option to allow the path to providers to be specified. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11167)
* apps: distinguish between a parameter error and an unknown parameter.Pauli2020-02-211-2/+4
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11049)
* Params: add argument to the _from_text calls to indicate if the param exists.Pauli2020-02-211-1/+1
| | | | | | | The extra argument is a integer pointer and is optional. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11049)
* Deprecate the low level Diffie-Hellman functions.Pauli2020-02-201-1/+14
| | | | | | | | Use of the low level DH functions has been informally discouraged for a long time. We now formally deprecate them. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11024)
* Forgotten GOST2012 support in non-vital placesNikolay Morozov2020-02-141-0/+1
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11072)
* Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.cDr. David von Oheimb2020-02-101-52/+135
| | | | | | | | | | | | | | | | The new client has become an independent libcrpyto module in crypto/http/ and * can handle any types of requests and responses (ASN.1-encoded and plain) * does not include potentially busy loops when waiting for responses but * makes use of a new timeout mechanism integrated with socket-based BIO * supports the use of HTTP proxies and TLS, including HTTPS over proxies * supports HTTP redirection via codes 301 and 302 for GET requests * returns more useful diagnostics in various error situations Also adapts - and strongly simplifies - hitherto uses of HTTP in crypto/ocsp/, crypto/x509/x_all.c, apps/lib/apps.c, and apps/{ocsp,s_client,s_server}.c Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10667)
* Deprecate the low level HMAC functionsPauli2020-01-291-5/+40
| | | | | | | | | | | Use of the low level HMAC functions has been informally discouraged for a long time. We now formally deprecate them. Applications should instead use EVP_MAC_CTX_new(3), EVP_MAC_CTX_free(3), EVP_MAC_init(3), EVP_MAC_update(3) and EVP_MAC_final(3). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10836)
* Tweak option error messagesRich Salz2020-01-111-3/+3
| | | | | | | | | | | Better messages for unknown option, unknown cipher, unknown digest. Fixes #10773 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10774)
* APPS & TEST: Adapt to use the new BIO_f_prefix()Richard Levitte2019-12-183-191/+3
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10531)
* Fix some typosVeres Lajos2019-12-111-1/+1
| | | | | | | | | | Reported-by: misspell-fixer <https://github.com/vlajos/misspell-fixer> CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10544)
* Document command parameters.Rich Salz2019-11-201-9/+17
| | | | | | | | | | | Add documentation for all commands that have parameters. Fix a couple of minor doc and programming bugs, too. Fixes #10313 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10371)
* Add "sections" to -help outputRich Salz2019-11-081-3/+9
| | | | | | | | | | | | | Remove "Valid options" label, since all commands have sections (and [almost] always the first one is "General options"). Have "list --options" ignore section headers Reformat ts's additional help Add output section Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9953)
* Add -CAstore and similar to all openssl commands that have -CApathRichard Levitte2019-11-033-12/+49
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8442)
* 'openssl list' and 'openssl provider': adapt display of multiple namesRichard Levitte2019-10-172-1/+49
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9979)
* Ignore empty ALPN elements in CLI argsViktor Dukhovni2019-10-111-5/+25
| | | | Reviewed-by: Matt Caswell <matt@openssl.org>
* Explicitly test against NULL; do not use !p or similarRich Salz2019-10-091-3/+3
| | | | | | | | Also added blanks lines after declarations in a couple of places. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9916)
* Add option grouping capability to appsJon Spillett2019-09-191-30/+42
| | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9920)
* Move libapps.a source to apps/libRichard Levitte2019-09-0413-0/+6981
| | | | | | | | This makes it clearer what's what. The 'openssl' application and its sub-commands remain in apps/ Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9723)
* Allow an output indentation of zero in apps.Pauli2019-08-291-4/+4
| | | | | | | Previously, it would indent one space even if zero were specified. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9725)
* Move print_param_types() to libapps, and give it indent argumentRichard Levitte2019-08-281-0/+96
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9697)
View Lorry Controller Status