This isn't fully POSIX shell, because POSIX shell still doesn't have
`local' variable declarations, but at least it is reasonably portable
now.
fix https://github.com/heimdal/heimdal/issues/1299
We must switch to OpenSSL 3.x, and getting lib/hcrypto to provide
OpenSSL 3.x APIs is too large an undertaking. Plus the hcrypto backend
is not safe, not secure (probably has timing leaks galore), and no one
has the resources to make it a world-class crypto library, so it just
has to go.
If ‘keyid’ is an empty string, then the numeric error code that gets
appended to this error message may be mistaken for the key ID. Address
this by not mentioning any ID in such cases.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Bison must generate this unsolicited, but BSD yacc does not.
The makefiles for lib/com_err and lib/sl already did this; this
change just adds it to lib/asn1 and lib/hx509 too.
fix https://github.com/heimdal/heimdal/issues/1100
Excluded: libtomath and libedit files, most of which appear to be
testing or example code not involved in production, and which are
derived from an upstream that should perhaps have patches submitted
upstream instead.
fix https://github.com/heimdal/heimdal/issues/1111
hxtool is a very useful command, with a very user-friendly interface, at
least compared to OpenSSL's openssl(1). We should document it better.
Currently there are no manual pages for hxtool(1)'s subcommands, though
their --help message is pretty self-explanatory. Now the hxtool(1) page
provides better clues to the user, including examples.
This will allow us to add a --no-roots option to
hxtool copy-certificate
which is convenient when copying certificate chains from stores that may
include root CA certificates.
OpenSSL's d2i_ECPrivateKey() is deprecated, so we have to use
d2i_PrivateKey(), but d2i_PrivateKey() wants the whole PKCS#8 blob so it
can know what kind of key it is. So we need to let the hx509 EC layer
get that blob. The internal APIs need some refactoring, so for now we
use a hack where we try to parse the private key with and without the
PKCS#8 wrapper.
