dfc3e46a77
Typos
2025-06-20 12:28:43 +02:00
e81b08e02d
Fix a comment
2025-06-20 09:58:45 +02:00
0c85d54800
Handle missing certificate names
2025-06-19 17:56:54 +02:00
772bc22c94
Handle null return from curl_easy_init
2025-06-19 14:32:24 +02:00
d65a2b5286
Fix various typos
2025-06-19 14:18:26 +02:00
dd9b81281f
Support loading OpenSSL 3.0+ providers without -pkcs11module option (e.g., CNG)
2025-06-05 17:13:10 +02:00
52bfff5756
Avoid variable reuse
2025-06-04 18:42:41 +02:00
50c23daa4c
Code simplification
...
No functional change intended.
2025-06-03 08:20:52 +02:00
9b7dae4572
Support loading arbitrary engines via ENGINE_by_id()
...
Use ENGINE_by_id() for any engine name that doesn't contain a dot,
assuming it's an engine ID. If the name includes a dot (e.g., a file
extension), treat it as a path to a dynamic engine module.
See #436 for discussion.
2025-06-02 20:32:26 +02:00
62438908cb
Skip the "lib" prefix when guessing engine ID
...
Fix #436
2025-05-30 16:59:25 +02:00
829e770250
Use _WIN32 instead of USE_WIN32 for MinGW compatibility
2025-05-27 10:17:03 +02:00
10ca3a06ea
Suppress compiler warnings
2025-05-06 10:42:53 +02:00
9ea7e85468
Fix engine-less builds
2025-05-06 10:42:53 +02:00
68e8845ef1
Improve PKCS#7 verification with OpenSSL 3.5
...
Enhanced verification logic for PKCS#7 signedData structures by introducing a dedicated `verify_pkcs7_data()` function. This update addresses compatibility with older OpenSSL versions (< 3.0.5) and ensures correct handling of detached signed content using a BIO buffer.
The change enables support for PKCS#7 inner content (RFC 2315, section 7), as per OpenSSL PR#22575.
Refactored timestamp and authenticode verification functions to reduce duplication and properly manage X509_STORE and X509_CRL structures.
2025-05-01 11:21:29 +02:00
475ea95ba3
Fix control flow and braces for engine and provider support
2025-05-01 11:21:29 +02:00
d352dcc1a5
Do not try to load engine twice
2025-04-18 10:46:20 +02:00
4bd167a8be
Fixed directly dereferencing parameter p7, CID 1576008
2025-03-31 13:19:35 +02:00
e7405fa839
Simplify error handling in PKCS#7 certificate loading, CID 1639170
2025-03-31 13:19:35 +02:00
838aaaee8d
libp11 PKCS#11 provider support
2025-03-28 14:05:12 +01:00
e8f19a6efe
Added verbose output for digest encryption algorithm and signature during verification
2024-12-31 13:53:46 +01:00
40ce811701
Fixed conditional compilation for CURL and proxy support
2024-10-25 17:48:01 +02:00
db5b4c4dc0
Add the "-engineCtrl" option to control hardware and CNG engines (#405)
...
Documentation updated for CNG engine 1.1 compatibility.
2024-09-08 19:23:38 +02:00
21133f9c3b
Added the '-blobFile' option to specify a file containing the blob content
2024-09-04 17:51:35 +02:00
2b3228d549
Changed error output to stderr instead of stdout
2024-06-05 16:54:21 +02:00
476168e09e
Added the "-ignore-crl" option to disable CRL online verification
2024-06-03 12:16:02 +02:00
41b662a8fe
Checked cFolders value
2024-05-31 16:47:31 +02:00
825c9dad7c
Add '-login' option to force a login to PKCS11 engines
2024-05-22 19:06:06 +02:00
6e5bef14e9
Rewrite making test certificates (#393)
...
Also updates obsolete curl dependencies with zlib.
2024-05-22 18:59:53 +02:00
aa8c8dd720
Type casting of the read() return value
2024-04-10 17:09:01 +02:00
16c5e5aa4a
Squashed logically dead code for curl response code for openssl version 3.0.0 and later, CID 1585046
2024-04-10 17:09:01 +02:00
ded1f7aa67
Use native HTTP client with OpenSSL 3.0 or later (#378)
...
Co-authored-by: olszomal <Malgorzata.Olszowka@stunnel.org>
2024-04-09 19:33:31 +02:00
6ad2679f17
Read the password from stdin if desired
...
Use the common convention: "-" means to use stdin
Signed-off-by: Steve McIntyre <steve.mcintyre@pexip.com>
2024-03-28 21:33:01 +01:00
4776f43f04
Improved manual
2024-03-26 18:28:02 +01:00
0a0761746f
Fixed memory corruption
2024-03-08 16:59:34 +01:00
f51e2a4869
Intercepted X509_V_FLAG_CHECK_SS_SIGNATURE verify error
2024-03-08 16:59:34 +01:00
093ed12c66
Supported CRL decoding in DER and PEM format
2024-03-08 16:59:34 +01:00
71a046a2d0
Ignore missing PKCS#9 signing time field (NID_pkcs9_signingTime: 1.2.840.113549.1.9.5) in the CMS_ContentInfo structure.
...
Timestamping time for verification is taken from embedded content in this CMS_ContentInfo structure.
2024-03-08 16:59:34 +01:00
c73f82b558
Set the NONCE field in a TSA request
2024-03-08 16:59:34 +01:00
192e7a732b
Fixed memory leaks
2024-03-01 17:50:20 +01:00
3998bcabb2
Simplify BIO chain free up and FILE_FORMAT_CTX cleanup
2024-02-28 15:55:25 +01:00
fa40c57f80
Simplify checking whether a signature exists
2024-02-28 11:55:21 +01:00
b661ed08ed
Fix fuzzer error - corrupted data content
2024-02-20 17:48:55 +01:00
ead0584611
Disable curl dependence
2024-02-20 17:48:31 +01:00
1bc7fc36b8
Connect to CRL Distribution Points through the configured proxy when verifying
2024-02-19 12:19:44 +01:00
b2024cee9d
Add -ignore-cdp option to help
2024-02-16 12:30:29 +01:00
9d152b8477
Fix url resource leak, CID 1583652, 1583653
2024-02-16 12:30:29 +01:00
7a02d51a83
Print failed certificate chain retrieved from the signature
2024-02-15 13:07:02 +01:00
dac68a3a4d
Disable CRL Distribution Points online verification
2024-02-15 12:30:50 +01:00
cedb8b5798
Print default -CAfile in "osslsigncode -v"
...
Fix #344
2024-02-12 12:31:57 +01:00
4576895718
Initial script (text) format support
...
See #37 for details.
2024-02-12 10:54:18 +01:00