Move libapps.a source to apps/lib This makes it clearer what's what. The 'openssl' application and its sub-commands remain in apps/ Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9723)
Add app for fips installation Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9634)
Replace FUNCerr with ERR_raise_data Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9496)
Remove HEADER_X509_H and HEADER_SSL_H include detectors from apps The HEADER_X509_H check is redundant, because <openssl/x509.h> is already included. Instead of of checking for HEADER_SSL_H, include <openssl/ssl.h> explicitly in "s_apps.h" and don't include "s_apps.h" where it's not necessary. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/9364)
Deprecate SYSerr, add new FUNCerr macro Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9072)
Add ERR_put_func_error, and use it. Change SYSerr to have the function name; remove SYS_F_xxx defines Add a test and documentation. Use get_last_socket_err, which removes some ifdef's in OpenSSL code. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9072)
Add -new and -subj options to x509 app for direct cert generation Complete and improve error output of parse_name() in apps/apps.c Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8193)
prevent app_get_pass() from revealing cleartext password on syntax error When the argument for '-pass' was badly formed, that argument got displayed in full. This turns out to not be such a good idea if the user simply forgot to start the argument with 'pass:', or spellt the prefix incorrectly. We therefore change the display to say that a colon is missing or only showing the incorrect prefix. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6218)
apps/openssl.c: Adapt to enable tracing output Use the environment variables OPENSSL_TRACE to determine what's going to be enabled. The value of this variables is a comma separated list of trace and debugging names, which correspond to the trace category macros defined in include/openssl/trace.h. For example, setting OPENSSL_DEBUG=TRACE,SSL will enable debugging output for the types OSSL_TRACE_CATEGORY_TRACE and OSSL_TRACE_CATEGORY_SSL. This also slightly changes the handling of the prefix method in apps/apps.c. This is for the better, as the prefix method pointer was unneccessarily stored in two places. Co-authored-by: Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8198)
Updated test command line parsing to support commmon commands Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6975)
Cleanup vxworks support to be able to compile for VxWorks 7 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/7569)
Make ca command silently use default if .attr file does not exist Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7286)
Some code-cleanup/simplification in apps Remove some casts on password callback by adding a wrapper function. Remove level of indent by doing an early-return on failure. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7873)
Following the license change, modify the boilerplates in apps/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7765)
apps: allow empty attribute values with -subj Historically (i.e., OpenSSL 1.0.x), the openssl applications would allow for empty subject attributes to be passed via the -subj argument, e.g., `opensl req -subj '/CN=joe/O=/OU=local' ...`. Commit db4c08f0194d58c6192f0d8311bf3f20e251cf4f applied a badly needed rewrite to the parse_name() helper function that parses these strings, but in the process dropped a check that would skip attributes with no associated value. As a result, such strings are now treated as hard errors and the operation fails. Restore the check to skip empty attribute values and restore the historical behavior. Document the behavior for empty subject attribute values in the corresponding applications' manual pages. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7349)
New openssl subject parser hard to debug -subj 'subject=C = US, ST = A, L = root, O = Hewlett Packard Enterprise Company, OU = Remote Device Access, CN = Hewlett Packard Enterprise Remote Device Access Test Local CA, emailAddress = rda@hpe.com' was a valid subject in openssl 1.0. Error received in 1.1 is: problems making Certificate Request Not very informative, I only figured this out because I compiled the code and added logging. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/7098)
apps/apps.c: harmonize print_bignum_var output with coding style. Reviewed-by: Rich Salz <rsalz@openssl.org>
apps: when the 'compat' nameopt has been set, leave it be XN_FLAG_COMPAT has a unique property, its zero for value. This means it needs special treatment; if it has been set (which can only be determined indirectly) and set alone (*), no other flags should be set. (*) if any other nameopt flag has been set by the user, compatibility mode is blown away. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6382)
Use void in all function definitions that do not take any arguments Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #6208
Revert "Check directory is able to create files for various -out option" This reverts commit 555c94a0db9661428da0a45cb32b9f002324eefd. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6033)