aboutsummaryrefslogtreecommitdiffstats
path: root/checks/x509.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Testierlloyd2014-01-011-256/+0
|
* Test report is more useful nowlloyd2013-12-311-25/+24
|
* First pass at automatic OCSP checkslloyd2013-11-291-2/+2
|
* propagate from branch 'net.randombit.botan.x509-path-validation' (head ↵lloyd2012-05-251-2/+1
|\ | | | | | | | | | | 63b5a20eab129ca13287fda33d2d02eec329708f) to branch 'net.randombit.botan' (head 8b8150f09c55184f028f2929c4e7f7cd0d46d96e)
| * Duplicate . printlloyd2012-05-251-1/+0
| |
| * Fairly huge update that replaces the old secmem types with std::vectorlloyd2012-05-181-1/+1
| | | | | | | | | | | | using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
* | Pass a class to the validation function that represents anylloyd2012-03-281-18/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | restrictions on the validation process. Currently these are if revocation information (CRL or hypothetically OCSP) is required, and what hashes to trust. Default trusted hashes are SHA-1 and SHA-2. This will also be used for policy restrictions, likely other things. The result enum is now a member of Path_Validation_Result Remove the usage restrictions enum. It is easier, for applications that actually care about one of these, to just check the extended constraint attribute on the final result, if everything else validates.
* | Fully working path validation. Even fixes the cases in PKITS where welloyd2012-02-061-3/+3
| | | | | | | | | | got the answer wrong before. Still no policy or name constraints support, though.
* | propagate from branch 'net.randombit.botan' (head ↵lloyd2011-04-221-14/+17
|\ \ | |/ |/| | | | | | | 8efb138f9a7c0b02429372a9c4e4f6614c5a6b87) to branch 'net.randombit.botan.x509-path-validation' (head af3daa43e17054ae367c02de09f77ab9e5f8136f)
| * Some changes circa Feb 22lloyd2011-04-221-14/+17
| |
* | ECC private keys had two different constructors, one taking a grouplloyd2011-04-081-1/+1
|/ | | | | | | | | | | | | | | | and a random number generator, and the other taking a group and a preset private key value. The DL private keys instead have on constructor for this; if the x value is zero, then a new random key is created. For consistency, do this with ECC as well. ECDH actually didn't have one of these constructors, forcing you to either load from PKCS #8 or else use a random key. Rename EC_Domain_Params to EC_Group, with a typedef for compatability. More doc updates. Update mtn ignores for Sphinx output
* Fix CRL reason codes and updating of CRLs. Add tests for both cases.lloyd2010-10-071-2/+0
|
* Forward port CRL fixes from rev 7bb2001cd554a1acc3d345914ea710ff0e1d3a6blloyd2010-10-071-0/+16
|
* Split up src/cert/x509 into a set of modules, though mostly mutuallylloyd2010-09-171-2/+4
| | | | dependent right now.
* If check against copy fails, print algo namelloyd2010-03-191-1/+1
|
* Add a new function to public key x509_subject_public_key which returnslloyd2010-03-041-6/+2
| | | | | what x509_encoder()->key_bits() used to return. This is much simpler than using the explicit encoder objects. Remove X509_Encoder entirely.
* Kill get_EC_Dom_Pars_by_oidlloyd2010-03-011-1/+1
|
* Add copyright and license notes to pretty much every file that didn't have them,lloyd2009-12-311-0/+6
| | | | | | | | including the examples and self-test code. Most of these files had not copyright/license information at all; since a major point of the examples is to allow users to copy and paste code that already does something they want, an ambigious license is not good.
* In creating X.509 certificates and PKCS #10 requests, let (actually: require)lloyd2009-11-091-2/+8
| | | | | | | the user to specify the hash function to use, instead of always using SHA-1. This was a sensible default a few years ago, when there wasn't a ~2^60 attack on SHA-1 and support for SHA-2 was pretty much nil, but using something else makes a lot more sense these days.
* Generate an ECDSA cert if ECDSA is enabled during testslloyd2008-10-111-0/+9
|
* Modularize the public key algorithms, though currently a great deal oflloyd2008-09-281-7/+13
| | | | | | the underlying implementation goop remains in the core library instead of being shunted off, due to various dependencies it has (most of which it shouldn't).
* Create an x509 module containing all of the X509 certificate and CAlloyd2008-09-281-37/+50
| | | | code as well as the code for handling PKCS #10 requests.
* Remove most of the direct references to the global_rng() calllloyd2008-06-281-9/+6
|
* Remove uses of global PRNG from self-test and benchmark code. Assumeslloyd2008-06-271-4/+3
| | | | access to /dev/random (will be cleaned up shortly)
* Remove load checking, as it requires an RNG (at least at the moment).lloyd2008-06-271-2/+2
| | | | | | | | | Probably some variation of it will be added back in later, at least to do basic checks like that primes are really odd (and we can do basic primality checks, etc, even with an RNG). Alternative: call check_key() manually on public keys you load with an RNG object.
* Similiar combining transform for the ElGamal, DSA, and NR private keylloyd2008-06-201-1/+1
| | | | constructors.
* Use RNG& argument for PKCS8::encrypt_key and PKCS8::PEM_encodelloyd2008-06-201-5/+6
|
* Convert pkcs8_decoder() and x509_decoder() to take a RandomNumberGenerator&lloyd2008-06-201-2/+4
| | | | | | | | reference, along with PKCS8::load_key get_pbe no longer calls new_params() on the newly instantiated instance, which is not backwards compatible (you have to either call new_params yourself, or explicitly set the iteration count, salt, etc)
* Fix remaining -Wmissing-declarations warnings in self-test/benchmark codelloyd2008-06-201-0/+2
|
* Fix some -Wmissing-declarations warningslloyd2008-06-121-0/+4
|
* X509_CA::{new_crl,update_crl} take a RandomNumberGenerator referencelloyd2008-06-111-2/+2
|
* X509::create_cert_req and X509::create_self_signed_cert take an RNG reflloyd2008-06-111-3/+9
|
* Modify X509_CA::make_cert and X509_CA::sign_request to take a RNG referencelloyd2008-06-111-7/+8
| | | | argument in favor of referencing the global PRNG argument
* Previously random_integer and friends used the global PRNG object to getlloyd2008-05-241-3/+7
| | | | | | | | | | | | | random bits. Now they take a reference to a RandomNumberGenerator object. This was applied several times out, so now the constructors to private key objects also take a RandomNumberGenerator& argument. This is also true for a number of randomized algorithms (Miller-Rabin, for instance). You can get a reference to the global PRNG with global_state().prng_reference() This is a provisional thing: and warning: it is not thread safe! If this is a problem instead keep per-thread PRNGs and pass them were needed.
* Change the interface of X509_CA::sign_request as follows:lloyd2008-04-101-2/+7
| | | | | | | | | | | - The allow_ca policy value is no longer checked. Callers should check if the request is for a CA cert and treat it accordingly; this makes it simpler to to case-by-case decisions (expecially among multiple threads) - Instead of a single time value, a u32bit representing the number of seconds from now the certificate should expire, the start and end times are passed explicitly as two X509_Time values.
* Rename X509_PublicKey and PKCS8_PrivateKey to the new types within thelloyd2006-09-061-7/+7
| | | | self-test sources
* Split PK_Key into Public_Key and Private_Key; these new classes merge inlloyd2006-09-061-5/+32
| | | | the interfaces previously included in X509_PublicKey and PKCS8_PrivateKey.
* Remove the public domain notices from the self-test/benchmark code,lloyd2006-08-091-1/+0
| | | | because it turns out to be something of a legal minefield.
* Modify the X.509 tests so they pick up a bug in PKCS10_Requestlloyd2006-06-231-0/+2
|
* Initial checkin1.5.6lloyd2006-05-181-0/+147
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-19 01:53:09 +0000