Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| db2f1604 | 2021-11-28 17:40:14 | document ASN1_tag2bit(3) | ||
| 3da41355 | 2021-11-28 15:48:12 | Document ASN1_object_size(3). While here, * call the function arguments "content_length" rather than just "length" to make it less likely that the reader confuses them with the total length returned by ASN1_object_size(3); * state that only the short form is supported for content_length <= 127; * add the missing STANDARDS section. | ||
| edff0b5c | 2021-11-28 14:32:34 | mark ASN1_check_infinite_end() and ASN1_const_check_infinite_end() as intentionally undocumented | ||
| aa287722 | 2021-11-27 16:18:03 | new manual page BIO_f_asn1(3) | ||
| a925b4f7 | 2021-11-27 13:10:33 | Fix incomplete initialization bug: BIO_new(BIO_f_asn1()) neglected initializing five of the fields in BIO_ASN1_BUF_CTX (prefix, prefix_free, suffix, suffix_free, ex_arg), inviting a segfault in a subsequent call from the application program to BIO_write(3) because subroutines of that function assume that the function pointers are either NULL or valid. Fix this by using the less error-prone calloc(3) idiom. While here, inline asn1_bio_init() at the only call site in asn1_bio_new() to simplify the code and make it easier to read. Bug found and initial patch by me, this version (with inlining) by and OK tb@. | ||
| 729b1800 | 2021-11-26 13:48:21 | spelling ok schwarze@ | ||
| d3c5691d | 2021-11-26 13:35:10 | after the bugfix in x509_vfy.c rev. 1.100, replace the BUGS section with a shorter CAVEATS section | ||
| 02c71f02 | 2021-11-26 13:17:09 | Bugfix in X509_get_pubkey_parameters(3): If EVP_PKEY_copy_parameters(3) fails - among other reasons, this may happen when out of memory - the pkey argument and/or the chain argument will not contain all the desired parameters after returning. Consequently, report the failure to the caller rather than silently ignoring it. OK tb@ | ||
| 9c40052c | 2021-11-26 13:05:03 | Simplify the code in X509_get_pubkey_parameters(3) by using X509_get0_pubkey(3) instead of X509_get_pubkey(3); no functional change. OK tb@ This is similar to the relevant part of the follwoing commit from the OpenSSL 1.1.1 branch, which is still under a free licence, but without the bug that commit introduced into this function in OpenSSL: commit c01ff880d47392b82cce2f93ac4a9bb8c68f8cc7 Author: Dr. Stephen Henson <steve@openssl.org> Date: Mon Dec 14 13:13:32 2015 +0000 | ||
| 6033101e | 2021-11-25 12:15:37 | Document BIO_method_name(3). While here, also improve the rest of the page: * add missing BIO_TYPE_* constants * describe BIO_TYPE_START * better function argument names * more precision in the descriptions and regarding the RETURN VALUES * lots of wording improvements * improve the coding style below EXAMPLES * delete a BUGS section describing cretaceous behaviour | ||
| 2b1ad87f | 2021-11-24 19:33:24 | Fix OCSP_basic_verify() cert chain construction in case the OCSP_BASICRESP bs contains no certificates. From David von Oheimb (OpenSSL 121738d1) ok beck | ||
| 1b78ce04 | 2021-11-24 19:29:19 | Simplify slightly by using X509_get0_pubkey() thus eliminating the need for EVP_PKEY_free(). ok beck | ||
| b95de796 | 2021-11-24 19:27:03 | Fix a whitespace error that has annoyed me for way too long | ||
| 8c08b260 | 2021-11-24 19:24:46 | Fix timestamp printing in Signed Certificate Timestamps Our ASN1_GENERALIZEDTIME_set() doesn't accept time strings with fractional seconds, so don't feed it milliseconds, but only seconds. Ensures that openssl x509 -text prints timestamps instead of skipping them. ok beck jsing | ||
| 6a95fe1b | 2021-11-24 19:22:14 | Add certificate transparency methods to the standard extensions. This way, CT extensions in certs will be parsed by the new CT code when they are encountered. This gets rid of a lot of gibberish when looking at a cert with 'openssl x509 -text -noout -in server.pem' ok beck jsing | ||
| 5f8f3622 | 2021-11-24 13:30:56 | add the missing const qualifiers below EXAMPLES; from <Malgorzata dot Olszowka at stunnel dot org> via OpenSSL commit 256989ce in the OpenSSL 1.1.1 branch, which is still under a free license | ||
| 5f9d48b0 | 2021-11-24 13:18:08 | document ASN1_item_ndef_i2d(3) | ||
| 3f851282 | 2021-11-24 05:38:12 | In some situations, the verifier would discard the error on an unvalidated certificte chain. This would happen when the verification callback was in use, instructing the verifier to continue unconditionally. This could lead to incorrect decisions being made in software. | ||
| aff4783b | 2021-11-24 01:12:43 | Make the certificate transparency code build with the rest of the library Do not expose it yet, this will wait for an upcoming bump ok tb@ | ||
| ebe27d9a | 2021-11-23 17:53:59 | document ASN1_TYPE_set_int_octetstring(3) and ASN1_TYPE_get_int_octetstring(3) | ||
| 114b2857 | 2021-11-23 17:06:05 | Use LIBRESSL_NEXT_API to document the commented-out functions that are not yet available. ok schwarze | ||
| 6370c4e2 | 2021-11-23 14:58:08 | document ASN1_TYPE_set_octetstring(3) and ASN1_TYPE_get_octetstring(3) | ||
| d0289fc9 | 2021-11-23 13:52:27 | document a2i_ASN1_INTEGER(3), i2a_ASN1_ENUMERATED(3), and a2i_ASN1_ENUMERATED(3) | ||
| 06dfdaf8 | 2021-11-23 11:10:51 | re-align these copies of the a2i_*(3) code with f_string.c rev. 1.19 to fix the same double-counting of the backslash and to make the parsing stricter in the same way; OK tb@ | ||
| 1085073b | 2021-11-23 09:53:45 | In DH_set0_pqg() also set dh->length if q is set to match what OpenSSL do. ok inoguchi jsing | ||
| 57734b13 | 2021-11-22 19:32:32 | Fix typo thanks Matthias Schmidt | ||
| d1fa7a12 | 2021-11-22 16:19:54 | new manual page ASN1_NULL_new(3), also documenting ASN1_NULL_free(3) | ||
| e8d2363f | 2021-11-22 14:00:27 | new manual page a2d_ASN1_OBJECT(3); while here, add a few STANDARDS references | ||
| 7d15cb53 | 2021-11-22 12:06:51 | document ASN1_OBJECT_create(3) | ||
| cab5fb66 | 2021-11-21 17:35:53 | In asn1.h rev. 1.55 and asn1/a_time.c rev. 1.28, beck@ provided ASN1_TIME_diff(3). Merge the documentation from the OpenSSL 1.1.1 branch, which is still under a free license. | ||
| b46dae7c | 2021-11-21 15:16:45 | oops, i forgot the STANDARDS section | ||
| 151beb8c | 2021-11-21 15:11:01 | new manual page d2i_ASN1_BOOLEAN(3) also documenting i2d_ASN1_BOOLEAN(3) | ||
| 4e56b6c4 | 2021-11-20 18:39:48 | sort | ||
| 3c46923d | 2021-11-20 18:10:52 | Provide the bytestring APIs for libcrypto internal use. Bring a copy of the bytestring APIs (CBB/CBS) from libssl, for use in libcrypto - these are not exposed publicly. Discussed with beck@ and tb@ | ||
| 4da99703 | 2021-11-20 13:06:26 | Document ASN1_INTEGER_cmp(3) and ASN1_INTEGER_dup(3). While here, also improve the description of ASN1_INTEGER_set(3) and add a BUGS section explaining that several of these functions do not provide type safety. | ||
| 4728fa65 | 2021-11-20 11:49:08 | Improve the description of ASN1_OCTET_STRING_cmp(3), ASN1_OCTET_STRING_dup(3), and ASN1_OCTET_STRING_set(3). Explicitly say that they do not provide any type safety and explain what that means. | ||
| 32d9a10f | 2021-11-20 01:10:49 | Make these files compile - not hooked up to build yet. ok jsing@ tb@ | ||
| bb05a9b4 | 2021-11-19 16:35:10 | minor KNF improvement, changing only whitespace, no code change: say: return_type *function_name(args); not: return_type* function_name (args); OK tb@ | ||
| a000f9e8 | 2021-11-19 16:00:54 | new manual page ASN1_BIT_STRING_num_asc(3) documenting the three functions using the BIT_STRING_BITNAME structure | ||
| 0f4c0d4f | 2021-11-19 15:50:46 | add two missing .Dv macros; markup bug found with regress/lib/libcrypto/man/check_complete.pl | ||
| 4fc3ccbc | 2021-11-19 09:58:41 | Make the public API function a2i_ASN1_STRING(3) actually work. It contained two bugs: 1. If an input line ended in a backslash requesting line continuation, there was duplicate code for removing that backslash, erroneously removing another byte from the input and often causing the function to return failure instead of correctly parsing valid input. 2. According to a comment in the source code, the former big "for" loop was intended to "clear all the crap off the end of the line", but actually, if there were multiple characters on the line that were not hexadecimal digits, only the last of those and everything following it was deleted, while all the earlier ones remained. Besides, code further down clearly intends to error out when there are invalid characters, which makes no sense if earlier code already deletes such characters. Hence the comment did not only contradict the code above it - but contradicted the code below it, too. Resolve these contradiction in favour of stricter parsing: No longer skip invalid characters but always error out when any are found. OK & "Unbelievable" tb@ | ||
| d5b0a71e | 2021-11-19 07:49:27 | As long as X509_OBJECT_free_contents(3) is a public API function, make sure it fully re-initializes the object rather than leaving behind a stale pointer and a stale type in the object. The old behaviour was dangerous because X509_OBJECT_get_type(3) would then return the stale type to the user and one of X509_OBJECT_get0_X509(3) or X509_OBJECT_get0_X509_CRL(3) would then return the stale pointer to the user, provoking a use-after-free bug in the application program. Having these functions return X509_LU_NONE and NULL is better because those are the documented return values for these functions when the object is empty. OK tb@ | ||
| 32863f3e | 2021-11-18 18:05:27 | Add semicolon that will become non-optional once BN_GENCB_set() will move from an awful macro to a proper function. | ||
| 276c068d | 2021-11-18 18:01:08 | typo in comment | ||
| e291757a | 2021-11-18 16:00:15 | Prevent future internal use of ASN1_CTX and ASN1_const_CTX by wrapping them inside #ifndef LIBRESSL_INTERNAL. suggested by jsing | ||
| 6d6c1d22 | 2021-11-18 15:58:31 | Remove the last pointless use of ASN1_const_CTX. Both ASN1_CTX and ASN1_const_CTX are now unused and will be garbage collected in the next libcrypto bump. ok jsing | ||
| 4819803b | 2021-11-18 10:09:24 | In x509_vfy.h rev. 1.35 and x509_lu.c rev. 1.34, tb@ provided X509_OBJECT_new(3) and X509_OBJECT_free(3); document them. While here, stop talking about storing storing EVP_PKEY objects and plain C strings in X509_OBJECT objects. LibreSSL never fully supported that, and it certainly no longer supports that now. | ||
| 491f2bff | 2021-11-17 16:08:32 | In x509_vfy.h rev. 1.37 and x509_vfy.c rev. 1.91, tb@ provided X509_STORE_CTX_set_verify(3) and X509_STORE_CTX_get_verify(3). Document them. In the next bump, tb@ will also provide X509_STORE_CTX_verify_fn(3) and X509_STORE_set_verify(3) and restore X509_STORE_set_verify_func(3) to working order. For efficiency of documentation work, already document those three, too, but keep the text temporariy .if'ed out until they become available. Delete X509_STORE_set_verify_func(3) from X509_STORE_set_verify_cb_func(3) because it was misplaced in that page: it is not related to the verification callback. tb@ agrees with the general direction. | ||
| cca6e7ff | 2021-11-16 14:07:57 | In x509_vfy.h rev. 1.37 and x509_vfy.c rev. 1.91, tb@ provided X509_STORE_CTX_get_verify_cb(3); document it. | ||
| 1798df84 | 2021-11-16 12:06:57 | Recently, tb@ provided the following functions: X509_STORE_CTX_set_error_depth x509_vfy.h 1.37 x509_vfy.c 1.91 X509_STORE_CTX_set_current_cert x509_vfy.h 1.37 x509_vfy.c 1.91 X509_STORE_CTX_get_num_untrusted x509_vfy.h 1.36 x509_vfy.c 1.90 X509_STORE_CTX_set0_verified_chain x509_vfy.h 1.37 x509_vfy.c 1.91 Merge the documentation from the OpenSSL 1.1.1 branch, which is still under a free license; tweaked by me. | ||
| d2c7d94e | 2021-11-15 16:18:36 | new manual page ASN1_BIT_STRING_set(3) documenting four BIT STRING accessors | ||
| ed53a826 | 2021-11-15 13:39:40 | document ASN1_PRINTABLE_type(3) and ASN1_UNIVERSALSTRING_to_string(3) | ||
| 7ad55bc0 | 2021-11-15 11:51:09 | document ASN1_item_pack(3) and ASN1_item_unpack(3) | ||
| fcfd3e21 | 2021-11-15 10:41:11 | document i2a_ASN1_STRING(3) and a2i_ASN1_STRING(3) | ||
| 3c8e511c | 2021-11-14 13:40:16 | the last argument of BIO_gets(3) is called "size", not "len" | ||
| a6792a0b | 2021-11-14 11:22:36 | fix a typo; diff from Matthias Schmidt <xosc dot org> on tech@ | ||
| 947886bc | 2021-11-14 08:21:47 | Put curly brace on the correct line. | ||
| feb138ef | 2021-11-13 20:44:00 | Fix a nasty quirk in ASN1_STRING_copy(3). In case of failure, it reported the failure but corrupted the type of the destination string. Instead, let's make sure that in case of failure, existing objects remain in their original state. OK tb@ | ||
| 61583fc4 | 2021-11-13 19:21:17 | Document the interactions of X509_V_FLAG_USE_CHECK_TIME, X509_V_FLAG_NO_CHECK_TIME, X509_VERIFY_PARAM_set_time(3), X509_VERIFY_PARAM_set_flags(3), and X509_VERIFY_PARAM_clear_flags(3) in detail because the API design is both surprising and surprisingly complicated in this respect, and the resulting nasty traps have already caused bugs in the past. | ||
| c6191418 | 2021-11-13 18:50:31 | Mark the public X509_VP_FLAG_* constants as intentionally undocumented. With LibreSSL, they can only be used internally in the library itself, and even with OpenSSL, no real-world application code uses them. OK tb@ | ||
| 46b2c345 | 2021-11-13 18:24:45 | Fix a bug in check_crl_time() that could result in incomplete verification, accepting CRLs that ought to be rejected, if an unusual combination of verification flags was specified. If time verification was explicitly requested with X509_V_FLAG_USE_CHECK_TIME, it was skipped on CRLs if X509_V_FLAG_NO_CHECK_TIME was also set, even though the former is documented to override the latter both in the OpenSSL and in the LibreSSL X509_VERIFY_PARAM_set_flags(3) manual page. The same bug in x509_check_cert_time() was already fixed by beck@ in rev. 1.57 on 2017/01/20. This syncs the beginning of the function check_crl_time() with the OpenSSL 1.1.1 branch, which is still under a free license. OK beck@ This teaches that having too many flags and options is bad because they breed bugs, and even more so if they are poorly designed to override each other in surprising ways. | ||
| 02607ea1 | 2021-11-13 17:12:18 | document ASN1_STRING_copy(3) | ||
| 5be47371 | 2021-11-12 18:56:00 | Document the public constants X509_V_FLAG_POLICY_MASK and X509_V_FLAG_USE_CHECK_TIME. While here, fix a typo and improve the wording for X509_V_FLAG_NOTIFY_POLICY. | ||
| 4713e22e | 2021-11-12 14:34:57 | mention what X509_cmp_time(3) does with a cmp_time argument of NULL | ||
| a8044ef3 | 2021-11-12 14:05:28 | As pointed out by tb@, LibreSSL no longer supports user-defined X509_LOOKUP_METHODs because these objects are now opaque. Simplify the documentation accordingly, shortening it by about 35 input lines in total, but continue providing the information which RETURN VALUES functions might return with other implementations of the library. OK tb@ | ||
| 6d5a2d04 | 2021-11-12 11:41:50 | In x509_vfy.h rev. 1.41, tb@ provided X509_STORE_CTX_get_by_subject(3), changed the return type of X509_OBJECT_get_type(3) and argument types of X509_LOOKUP_by_subject(3), X509_LOOKUP_by_issuer_serial(3), X509_LOOKUP_by_fingerprint(3), X509_LOOKUP_by_alias(3), X509_OBJECT_idx_by_subject(3), X509_OBJECT_retrieve_by_subject(3), and X509_STORE_get_by_subject(3) from int to X509_LOOKUP_TYPE, and in rev. 1.42, he provided X509_STORE_CTX_get_obj_by_subject(3). Adjust the documentation. Joint work with and OK tb@. | ||
| 8d4d91dc | 2021-11-11 15:58:49 | mention the public constants XN_FLAG_SEP_MASK and XN_FLAG_FN_MASK | ||
| ecd659a4 | 2021-11-11 13:58:59 | Mention the X509v3_KU_* aliases for the KU_* constants because some third party application code uses them. List the full names (even though they are long) such that they can be found with "man -k Dv=...". | ||
| fbc48162 | 2021-11-11 13:13:38 | Explicitly list all public functions in roff(7) comments that are related to this page but intentionally undocumented, to better support grepping the source directory for function names. | ||
| 940020b6 | 2021-11-11 12:06:25 | new manual page X509_policy_tree_get0_policies(3), also documenting X509_policy_tree_get0_user_policies(3) | ||
| 2d391c3e | 2021-11-10 14:34:21 | Merge a few additional X509error(ERR_R_MALLOC_FAILURE) calls and various style improvements from the OpenSSL 1.1.1 branch, which is still under a free license. - No need to #include <openssl/lhash.h>. - BUF_MEM_free(3) and sk_pop_free(3) can handle NULL. - sk_value(3) can handle -1. - Test pointers with "== NULL" rather than with "!". - Use the safer "p = malloc(sizeof(*p))" idiom. - return is not a function. - Delete very wrong commented out code. Including parts of the these commits from the 2015 to 2018 time range: 25aaa98a b4faea50 90945fa3 f32b0abe 26a7d938 7fcdbd83 208056b2 5b37fef0 Requested by and OK tb@. | ||
| 22d25e3b | 2021-11-10 13:57:42 | If X509_load_cert_crl_file(3) does not find any certificates and/or CRLs in the PEM input file (for example, if the file is empty), provide an error message in addition to returning 0. This merges another part of this OpenSSL commit, which is still under a free license: commit c0452248ea1a59a41023a4765ef7d9825e80a62b Author: Rich Salz <rsalz@openssl.org> Date: Thu Apr 20 15:33:42 2017 -0400 I did *not* add the similar message types X509_R_NO_CERTIFICATE_FOUND and X509_R_NO_CRL_FOUND because both code inspection and testing have shown that the code generating them is unreachable. OK tb@ | ||
| 256005ed | 2021-11-10 09:19:25 | Sync some code style improvements from the OpenSSL 1.1.1 branch, which is still under a free license. No functional change. - No need to #include <openssl/lhash.h> here. - return is not a function. - Do not use the pointless macro BIO_s_file_internal(). - No need to check for NULL before X509_CRL_free(3). This includes parts of the following OpenSSL commits from the 2015 to 2017 timeframe: 222561fe, 9982cbbb, f32b0abe, 26a7d938 OK tb@ | ||
| be4127b1 | 2021-11-10 09:00:21 | Merge two bug fixes from the OpenSSL 1.1.1 branch, which is still under a free license: 1. If the three X509_load_*(3) functions are called with a NULL file argument, do not return 1 to the caller because the return value 1 means "i loaded one certificate or CRL into the store". 2. When calling PEM load functions, do not ask the user for a password in an interactive manner. This includes parts of the following commits: commit c0452248ea1a59a41023a4765ef7d9825e80a62b Author: Rich Salz <rsalz@openssl.org> Date: Thu Apr 20 15:33:42 2017 -0400 Message: [...] Remove NULL checks and allow a segv to occur. [...] commit db854bb14a7010712cfc02861731399b1b587474 Author: Bernd Edlinger <bernd.edlinger@hotmail.de> Date: Mon Aug 7 18:02:53 2017 +0200 Message: Avoid surpising password dialog in X509 file lookup. OK tb@ | ||
| b6c209be | 2021-11-09 18:40:20 | Switch to <endian.h> from <machine/endian.h> for better portability. ok tb@ | ||
| 292df47c | 2021-11-09 16:23:04 | Split a new page X509_load_cert_file(3) with three functions out of X509_LOOKUP_hash_dir(3) because both groups of functions differ substantially in purpose and structure. Rewrite the complete text of X509_load_cert_file(3) from scratch for correctness and clarity. This fixes several documentation errors: 1. The names of the constants were wrong, lacking the "X509_" prefix. 2. None of these functions support X509_FILETYPE_DEFAULT, neither in OpenSSL nor in LibreSSL. 3. The memory cache does not contain X509_STORE objects; instead, the X509_STORE object *is* the memory cache. | ||
| 1bce098d | 2021-11-09 15:41:10 | Add ASPA OID draft-ietf-sidrops-aspa-profile OK tb@ | ||
| 469bab4b | 2021-11-08 14:44:14 | Document X509_gmtime_adj(3). While here, improve some argument names, improve ordering of the material, and mention the meaning of negative and of large arguments, | ||
| 0c8b2837 | 2021-11-07 15:52:38 | In X509_STORE_CTX, rename the X509_STORE store rather than ctx. ok gnezdo jsing | ||
| e30c9e23 | 2021-11-07 15:51:23 | In X509_STORE_CTX rename the misnamed last_untrusted to num_untrusted ok jsing | ||
| a974b571 | 2021-11-07 15:29:01 | new manual pages ASN1_item_digest(3), ASN1_item_sign(3), and ASN1_item_verify(3) | ||
| 9cf3bd2b | 2021-11-06 15:00:25 | Improve formatting. The line breaks in the lists of methods were very ugly. While here, put descriptions right after the prototypes they describe. No content change. | ||
| 8c897f43 | 2021-11-06 12:31:40 | Start cleaning up X509_STORE_get1_issuer() Get rid of the last X509_OBJECT_free_contents() call by moving the object from the stack to the heap. I deliberately kept the obj variable to keep obj and pobj separate. Rename the out parameter from issuer to out_issuer to ensure that we only assign it when we have acquired a reference that we can return. Add a new X509 *issuer. In the first part of the function, acquire an extra reference before check_issuer/check_time. In the second part of the function, acquire a reference inside the lock to avoid a race. Deal with ret only in one place. ok jsing | ||
| 62d9f894 | 2021-11-06 12:27:05 | In X509_STORE_get1_issuer() do not call the verify callback from x509_check_cert_time(). Matches a change made in OpenSSL 70dd3c65. ok jsing | ||
| c1a623a6 | 2021-11-06 07:52:22 | Fix indent. | ||
| c82d3592 | 2021-11-06 07:18:18 | Refactor X509_STORE_get1_certs() Split the retrieval of the certs in the store's cache that match the desired subject into a separate function. This greatly simplifies locking, error handling and the flow of the function. with/ok jsing | ||
| 72f84f5e | 2021-11-05 22:03:25 | typo: a static objects -> a static object | ||
| 1218bdb9 | 2021-11-05 21:39:45 | First pass of streamlining X509_STORE_get1_{certs,crls}() These functions are quite messy. On top of the tricky logic querying the cache, then refreshing the cache (unconditionally or not), then querying again, then extracting a list of certs/crls and bumping their refcounts, things are intermixed with locking and needlessly early allocations that then need to be cleaned up again. Use X509_STORE_CTX_get_obj_by_subject() to avoid using an object on the stack and defer allocation of the returned stack of certs to later. Flatten the logic a bit and prepare for further refactoring. ok jsing | ||
| 2637af31 | 2021-11-05 20:35:14 | Trade an abort() neutered by a comment for a blank line elsewhere. | ||
| 9c6fb80c | 2021-11-05 17:15:05 | Clean up X509_STORE_add_{cert,crl}(). Add a X509_STORE_add_object() function that adds an X509 object to the store and takes care of locking and cleaning up. This way we can set up an X509_OBJECT for both the cert and CRL case and hand over to the new function. There is one intentional change of behavior: if there is an attempt to add an object which is already present in the store, succeed instead of throwing an error. This makes sense and is also the OpenSSL behavior. As pointed out by jsing, this is a partial fix for the long standing GH issue #100 on libtls where connections would fail if the store contains duplicate certificates. Also: remove the internal X509_OBJECT_dec_ref_count(), which is no longer used. ok jsing | ||
| c5de0e6a | 2021-11-05 17:13:14 | Unify variable names in X509_STORE_{free,up_ref,add_lookup}(). simplify the flow of X509_add_lookup(). ok jsing | ||
| c23e5f7d | 2021-11-05 17:11:28 | Rename the ret variable in X509_OBJECT_new() to obj.. ok jsing | ||
| 9002f7e3 | 2021-11-05 17:09:36 | Garbage collect the unused skip member of X509_LOOKUP and the unused cache member of X509_STORE. ok jsing | ||
| a047bff1 | 2021-11-05 17:08:12 | Use calloc() to remove the need of silly zeroing of most members. Check for allocation failures and if one happens push an error on the stack and clean up using X509_STORE_free(). ok jsing | ||
| c2dc9024 | 2021-11-05 17:06:42 | Streamline and shorten x509_object_cmp() a bit. ok jsing | ||
| 66cf6b76 | 2021-11-05 17:05:52 | Drop a bunch of unnecesary parentheses and unify the order in which callbacks are called. ok jsing | ||
| d7aba846 | 2021-11-05 17:03:15 | Cleanup X509_LOOKUP_new() Switch from malloc() to calloc() and drop a bunch of initializations to 0. Call the returned object lu instead of the generic ret. ok jsing | ||
| 0e189bdb | 2021-11-05 07:25:36 | Garbage collect xobj->data.{ptr,pkey} Both these are essentially unused. Remove the last use of data.ptr by initializing and copying the X509_OBJECT using memset() and struct assignment in X509_STORE_CTX_get_subject_by_name() and add a missing error check for X509_OBJECT_up_ref_count() while there. ok beck | ||
| 88e5d447 | 2021-11-04 23:52:34 | Cache sha512 hash and parsed not_before and not_after with X509 cert. Replace sha1 hash use with sha512 for certificate comparisons internal to the library. use the cached sha512 for the validator's verification cache. Reduces our recomputation of hashes, and heavy use of time1 time conversion functions noticed bu claudio@ in rpki client. ok jsing@ tb@ | ||
| 6982c71f | 2021-11-03 15:02:14 | document d2i_X509_ALGORS(3) and i2d_X509_ALGORS(3) |