return cert;
}
-/*
- * TODO potentially move this and related functions to apps/lib/
- * or even better extend OSSL_STORE with type OSSL_STORE_INFO_CRL
- */
static X509_REQ *load_csr_autofmt(const char *infile, const char *desc)
{
X509_REQ *csr;
}
X509_free(cert);
}
- /* TODO find a cleaner solution not requiring type casts */
if (!setup_certs(opt_rsp_extracerts,
"CMP extra certificates for mock server", srv_ctx,
(add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_chainOut))
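Review bot: The cast `(add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_chainOut` in the `setup_certs` call stays in place, while the comment that flagged it is removed. If the callee's prototype differs from `add_X509_stack_fn_t` (the typedef is not visible in this hunk), calling it through the cast pointer is undefined behaviour in C. The cast also hides any later signature change from the compiler. A small static adapter with exactly the typedef's signature, forwarding to `ossl_cmp_mock_srv_set1_chainOut`, would remove the cast; failing that, keep a one-line comment saying why the cast is needed.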
/* enable and parameterize server hostname/IP address check */
if (!truststore_set_host_etc(trust_store,
opt_tls_host != NULL ? opt_tls_host : host))
- /* TODO: is the server host name correct for TLS via proxy? */
goto err;
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
}
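Review bot: The name passed to `truststore_set_host_etc` falls back to `host` when `opt_tls_host` is NULL, and with the question comment gone nothing here says which peer `host` denotes when a proxy is in use. The surrounding comment says this call sets up the server hostname/IP check, so the value has to be the end server's name and not the proxy's. Where `host` is assigned is outside this hunk, so that should be confirmed there. I would replace the deleted line with a statement rather than drop it, e.g. `/* host must name the TLS end server, not the proxy */` placed above the `if`.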
*/
keytype = "DHX";
/*
- * BIO_reset() returns 0 for success for file BIOs only!!!
- * This won't work for stdin (and never has done)
- * TODO: We should fix this at some point
- */
+ * BIO_reset() returns 0 for success for file BIOs only!!!
+ * This won't work for stdin (and never has done)
+ */
if (BIO_reset(in) == 0)
done = 0;
}
const char *input_type;
OSSL_PARAM itp[2];
const OSSL_PARAM *params = NULL;
- /* TODO make use of the engine reference 'eng' when loading pkeys */
if (ppkey != NULL) {
*ppkey = NULL;
if (!adapt_keyid_ext(cert, ext_ctx, "authorityKeyIdentifier",
"keyid, issuer", !self_sign))
goto end;
-
- /* TODO any further measures for ensuring default RFC 5280 compliance */
}
if (mctx != NULL && do_sign_init(mctx, pkey, md, sigopts) > 0)
}
if (ctx->certOut != NULL
&& (*certOut = X509_dup(ctx->certOut)) == NULL)
- /* TODO better return a cert produced from data in request template */
goto err;
if (ctx->chainOut != NULL
&& (*chainOut = X509_chain_up_ref(ctx->chainOut)) == NULL)
if (sk_ASN1_UTF8STRING_num(errorDetails) <= 0) {
BIO_printf(bio_err, "errorDetails absent\n");
} else {
- /* TODO could use sk_ASN1_UTF8STRING2text() if exported */
BIO_printf(bio_err, "errorDetails: ");
for (i = 0; i < sk_ASN1_UTF8STRING_num(errorDetails); i++) {
if (i > 0)
log_message(prog, LOG_WARNING,
"HTTP request does not begin with %sPOST: %s",
accept_get ? "GET or " : "", reqbuf);
- /* TODO provide better diagnosis in case client tries TLS */
(void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
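Review bot: `reqbuf` is logged with `%s` in the `log_message` call on this rejection path, and it appears to hold the raw request line received from the client. If a client starts a TLS handshake against this plain-HTTP listener, the buffer would contain binary bytes. The warning could then carry control characters or be cut short at an embedded NUL, and a remote peer could shape the log content. Unless `reqbuf` is sanitised earlier (not visible in this hunk), consider logging a length-limited, printable-only rendering, and keep a short note such as `/* non-HTTP input here may be a TLS handshake */` for whoever triages the 400 responses.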
#include <openssl/encoder.h>
/*
- * TODO: This include is to get OSSL_KEYMGMT_SELECT_*, which feels a bit
+ * This include is to get OSSL_KEYMGMT_SELECT_*, which feels a bit
* much just for those macros... they might serve better as EVP macros.
*/
#include <openssl/core_dispatch.h>
if (!noout || text || next_serial)
OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
- /* TODO: why is this strange object created (and no error checked)? */
if (alias)
X509_alias_set1(x, (unsigned char *)alias, -1);
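Review bot: The return value of `OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3")` is still discarded, and the deleted comment was the only place that recorded this. `OBJ_create` returns `NID_undef` on failure, so a failed registration goes unnoticed here. Either test the result with `if (OBJ_create(...) == NID_undef)` followed by the function's usual error exit (not visible in this hunk), or say in a comment that failure is deliberately ignored and why the object is registered.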