| Commit message | Author | Age | Files | Lines |
|
to key_constraints.{h,cpp} in cert/x509. Move the X509_Encoding enum
to x509_key.h
Constify argument to X509_Object::check_signature, accidental omission
|
restrictions on the validation process. Currently these are if
revocation information (CRL or hypothetically OCSP) is required, and
what hashes to trust. Default trusted hashes are SHA-1 and SHA-2. This
will also be used for policy restrictions, likely other things.
The result enum is now a member of Path_Validation_Result
Remove the usage restrictions enum. It is easier, for applications
that actually care about one of these, to just check the extended
constraint attribute on the final result, if everything else
validates.
|
0d0f3fba72f3300bc995c79124a75a4fc0b83879)
to branch 'net.randombit.botan.x509-path-validation' (head 48d03e596f032c0c69d691dbf49a2a1415b348c3)
|
would be fixed but it's quite hard to do, makes more sense for now to
merge them back into one big x509 blog.
|
got the answer wrong before. Still no policy or name constraints
support, though.
|
78a772f3855abc89c3eed2fe8735e8438463399c)
to branch 'net.randombit.botan.x509-path-validation' (head 9e678a8bc141087439a1238783006e9892a98450)
|
8efb138f9a7c0b02429372a9c4e4f6614c5a6b87)
to branch 'net.randombit.botan.x509-path-validation' (head af3daa43e17054ae367c02de09f77ab9e5f8136f)
|
8453f801979d78b448a2aff80d2042715a42e843)
to branch 'net.randombit.botan.x509-path-validation' (head 084e8139f4b131b5aab6b6359e59324d7681488f)
|
a4ea4629f9caa98bd72b87de6050d9e52190d09a)
to branch 'net.randombit.botan.x509-path-validation' (head 6217561bf05ef77a49ab2ebe39f16bf7133a005a)
|
convert using bytes.decode, but that's not available in Python 2.5 and
there doesn't seem to be a good way to test for it at runtime. Instead
use a slight hack of calling subprocess with universal_newlines=True,
which causes Py3k subprocess to assume the output is UTF-8 and decode
accordingly (this should be fine in these cases since monotone will
output a hex string and GCC will just output a version number). On
Python 2 it's mostly ignored (especially as we call strip on the
result anyway).
|
on decoding by default, and add a comment showing how to enable it for
encoding.
|
16*1024 to an argument that treated those values as KiB, it took the
RNG ~3 seconds to create 16 MiB of data to randomize the input. Change
to 16. Also cap the value that can be passed to --buf-size to 1024,
for a 1 MiB buffer.
|
how much we ask for on the basis of how many bits we're counting each
byte as contributing. Change /dev/*random estimate to 7 bits per byte.
Small cleanup in HMAC_RNG.
|
list of directory names (without the open DIRs) plus the one currently
active dir.
|
of giving /dev/random, EGD, and CryptoAPI a full 8 bits per byte of
entropy, estimate at 6 bits.
In the proc walker, allow more files to be read, read more of any
particular file, and count each bit for 1/10 as much as before.
Reading more of the file seems especially valuable, as some files are
quite random, whereas others are very static, and this should ensure
we read more of the actually unpredictable inputs.
Prefer /dev/random over /dev/urandom
|
waiting for a full kilobyte. This is for the benefit of DSA/ECDSA
which want a call to add_entropy to update the state in some way,
passing just a hash input which might be as small as 20 bytes.
|
Cassidy, sent to the mailing list.
|
by TLS (relies on the finished message check). Add a class for reading
files created by GnuTLS's srptool.
|
loop (size_t overflow), likely causing a segfault. Not exploitable as
far as I can tell, beyond the obvious crashing.
|
If the default value is a list we will append to it instead of
overwriting it. (Previously, multiple define targets 'worked' with last
one winning as the values were progressively overwritten).
This might be useful for other things, compiler warning options maybe?
|
in the Client_Hello parser. Works, tested with GnuTLS command line
client.
|
interface but it's a plausible start. Will probably have more insights
after adding TLS hooks.
|
an amalgamation and the app is compiled in Unicode mode.
|
--os=windows since likely they actually wanted either --os=cygwin
or --os=mingw
|
explicit cast.
|
cpuid intrinsic) and older GCC (no cpuid.h before 4.3)
|