path: root/src/cert/x509
Commit message | Author | Age | Files | Lines
* Drop some deprecated functions | lloyd | 2012-06-01 | 2 | -20/+0
|
* Support for the authority information access extension, limited to | lloyd | 2012-05-27 | 4 | -1/+84
| only grabbing type 6 (URL) values for OCSP which is likely the only thing it's ever used for. Expose the value with new function X509_Certificate::ocsp_responder
* Add an X509_Certificate::allowed_usage for extended constraints. | lloyd | 2012-05-27 | 2 | -3/+19
| Check that whatever certificate we got is allowed to sign OCSP responses. Add another helper function BER_Decoder to try to handle the ASN.1 mess.
* Derive X509_Object from ASN1_Object. | lloyd | 2012-05-27 | 6 | -24/+46
| In the path validator, pass singular Certificate_Store args as const reference and const_cast them. It's not ideal but it seems to lead to the cleanest external API. Treat all v1 X.509 certs as implicit CAs.
* Have BER_Decoder::decode_list actually start the SEQUENCE. All callers | lloyd | 2012-05-27 | 1 | -8/+2
| did it and it would be silly for it not to. Update the two existing callers, who were both doing start_cons().decode_list().end_cons() to just call decode_list(). Add BER_Decoder::get_next so we can get arbitrarily weird types without having to break message chains. Add dummy tag arguments to the ASN1_Object decoder so it can be used from decode_optional.
* Remove the PRIVATE ASN.1 tag. Not being used outside of the pretty | lloyd | 2012-05-27 | 1 | -1/+1
| printer example, and really is just CONSTRUCTED | CONTEXT_SPECIFIC.
| Extend the ASN.1 printer to recurse into OCTET STRINGS that contain DER, and to print enumeration values.
| BOTAN_DLL export some OID operators (+, !=, <)
| Add an OID entry for 1.3.6.1.5.5.7.48.1.1 OCSP basic response.
| Correct the Certificate_Policies code, it was dumping policy OIDs into the extended key usage!
* Several new hooks in X509_Certificate to get raw (from the cert | lloyd | 2012-05-27 | 2 | -9/+39
| binary) values which we need for OCSP.
* Some post merge fixups. | lloyd | 2012-05-25 | 5 | -15/+9
| Fix some bugs that triggered if DEFAULT_BUFFERSIZE was either too small or an odd size.
* propagate from branch 'net.randombit.botan.x509-path-validation' (head ↵ | lloyd | 2012-05-25 | 20 | -219/+320
|\ 63b5a20eab129ca13287fda33d2d02eec329708f) to branch 'net.randombit.botan' (head 8b8150f09c55184f028f2929c4e7f7cd0d46d96e)
* | Kill off the quite vestigial pubkey_enums header. Move most of the code | lloyd | 2012-03-28 | 7 | -8/+136
| | to key_constraints.{h,cpp} in cert/x509.
| | Move the X509_Encoding enum to x509_key.h
| | Constify argument to X509_Object::check_signature, accidental omission
* | Pass a class to the validation function that represents any | lloyd | 2012-03-28 | 2 | -73/+170
| | restrictions on the validation process. Currently these are if revocation information (CRL or hypothetically OCSP) is required, and what hashes to trust. Default trusted hashes are SHA-1 and SHA-2. This will also be used for policy restrictions, likely other things.
| | The result enum is now a member of Path_Validation_Result
| | Remove the usage restrictions enum. It is easier, for applications that actually care about one of these, to just check the extended constraint attribute on the final result, if everything else validates.
* | All of the X509 modules were actually mutually dependent. Ideally this | lloyd | 2012-02-06 | 22 | -0/+4104
|/ would be fixed but it's quite hard to do, makes more sense for now to merge them back into one big x509 blog.
* Split up src/cert/x509 into a set of modules, though mostly mutually | lloyd | 2010-09-17 | 24 | -4514/+0
| dependent right now.
* Update all uses of MemoryRegion::append to use either push_back or operator+= | lloyd | 2010-09-15 | 1 | -5/+5
|
* Remove more uses of vector to pointer implicit conversions | lloyd | 2010-09-13 | 1 | -1/+1
|
* Define X509_Object::encode in terms of BER_encode and PEM_encode | lloyd | 2010-06-21 | 1 | -22/+12
|
* Doxygen | lloyd | 2010-06-21 | 1 | -2/+34
|
* Replace "@return a blah" and "@return the blah" with just "@return blah" | lloyd | 2010-06-16 | 7 | -37/+37
|
* More Doxygen updates/fixes | lloyd | 2010-06-15 | 4 | -34/+55
|
* Fix a few hundred Doxygen warnings | lloyd | 2010-06-15 | 3 | -2/+9
|
* Use X509::BER_encode. Saves 12 lines. Nice | lloyd | 2010-06-15 | 1 | -18/+6
|
* Remove config options to toggle if X.509 extensions are critical or | lloyd | 2010-03-10 | 4 | -48/+47
| not. Instead provide via Extensions::add(). No way to modify behavior currently, it just follows the previous default policy. Remove the config options from Library_State entirely. Die, mutable singletons, die.
* Make cert decoding errors more verbose | lloyd | 2010-03-10 | 1 | -2/+2
|
* Modify pubkey classes to take names instead of object pointers. | lloyd | 2010-03-08 | 4 | -12/+8
| Remove use of look_pk from the source and examples, instead instantiate classes directly.
* Remove the now no-op classes PK_Encrypting_Key, | lloyd | 2010-03-08 | 4 | -42/+6
| PK_Decrypting_Key, PK_Signing_Key, PK_Verifying_with_MR_Key, and PK_Verifying_wo_MR_Key.
* The code in pk_codecs was actually entirely tied to the code in | lloyd | 2010-03-04 | 1 | -1/+0
| pubkey; you literally could not compile any pubkey code without it. Move it up to the pubkey dir, it wasn't at all useful to have it in its own dir.
* Add a new function to Public_Key, algorithm_identifier(), which just | lloyd | 2010-03-04 | 1 | -7/+1
| returns the AlgorithmIdentifier representing this scheme (OID + domain params if any).
* Clean up exceptions. Remove some unused ones like Config_Error. Make | lloyd | 2010-01-05 | 1 | -1/+1
| Invalid_Argument just a typedef for std::invalid_argument. Make Botan::Exception a typedef for std::runtime_error. Make Memory_Exhaustion a public exception, and use it in other places where memory allocations can fail.
* Time was saved to a u32bit. Would really bite me in 2106 :) | lloyd | 2009-12-23 | 1 | -1/+1
|
* Avoid MSVC warning 4800 about implicit conversion from T to bool. Mostly | lloyd | 2009-12-23 | 1 | -1/+1
| because it makes the code slightly more explicit.
* Add FIXME note to Certificate_Policies::encode_inner | lloyd | 2009-12-23 | 1 | -1/+4
|
* Make many more headers internal-only. | lloyd | 2009-12-16 | 3 | -3/+3
| Fixes for the amalgamation generator for internal headers.
| Remove BOTAN_DLL exporting macros from all internal-only headers; the classes/functions there don't need to be exported, and avoiding the PIC/GOT indirection can be a big win.
| Add missing BOTAN_DLLs where necessary, mostly gfpmath and cvc
| For GCC, use -fvisibility=hidden and set BOTAN_DLL to the visibility __attribute__ to export those classes/functions.
* Full working amalgamation build, plus internal-only headers concept. | lloyd | 2009-12-16 | 1 | -12/+15
|
* Consolidate the non-canonical epoch timers, like cpuid and Win32's | lloyd | 2009-12-01 | 4 | -4/+4
| QueryPerformanceCounter, into an entropy source hres_timer. Its results, if any, do not count as contributing entropy to the poll. Convert the other (monotonic/fixed epoch) timers to a single function get_nanoseconds_clock(), living in time.h, which statically chooses the 'best' timer type (clock_gettime, gettimeofday, std::clock, in that order depending on what is available). Add feature test macros for clock_gettime and gettimeofday. Remove the Timer class and timer.h. Remove the Timer& argument to the algorithm benchmark function.
* Much cleaning up in ECDSA, though it's still rather a mess (and 50x slower | lloyd | 2009-11-18 | 1 | -15/+3
| than OpenSSL... that's a problem for another branch though).
* In creating X.509 certificates and PKCS #10 requests, let (actually: require) | lloyd | 2009-11-09 | 4 | -31/+75
| the user to specify the hash function to use, instead of always using SHA-1. This was a sensible default a few years ago, when there wasn't a ~2^60 attack on SHA-1 and support for SHA-2 was pretty much nil, but using something else makes a lot more sense these days.
* Remove the 'realname' attribute on all modules and cc/cpu/os info files. | lloyd | 2009-10-29 | 1 | -2/+0
| Pretty much useless and unused, except for listing the module names in build.h and the short versions totally suffice for that.
* The get_tm function was duplicated. Move single version to timer.{h,cpp} | lloyd | 2009-09-17 | 1 | -1/+0
|
* Split up util.h into 3 files | lloyd | 2009-09-17 | 4 | -5/+5
| - rounding.h (round_up, round_down)
| - workfactor.h (dl_work_factor)
| - timer.h (system_time)
| And update all users of the previous util.h
* Move some files around to break up dependencies between directories | lloyd | 2009-07-16 | 1 | -0/+1
|
* Add a script that reads the output of print_deps.py and rewrites | lloyd | 2009-07-15 | 1 | -7/+13
| the info.txt files with the right module dependencies. Apply it across the codebase.
* Move the contents of pubkey/pubkey (which was kind of a catch-all to | lloyd | 2009-07-15 | 1 | -1/+1
| just toplevel pubkey). This was a convention I realized made sense sometime on when I was first doing the modularization changes. Move pkcs8.* and x509_key.* to pk_codecs
* Thomas Moschny passed along a request from the Fedora packagers which came | lloyd | 2009-03-30 | 23 | -677/+723
| up during the Fedora submission review, that each source file include some text about the license. One handy Perl script later and each file now has the line Distributed under the terms of the Botan license after the copyright notices. While I was in there modifying every file anyway, I also stripped out the remainder of the block comments (lots of asterisks before and after the text); this is a stylistic thing I picked up when I was first learning C++ but in retrospect it is not a good style as the structure makes it harder to modify comments (with the result that comments become fewer, shorter and are less likely to be updated, which are not good things).
* Add Doxygen comment for Timer::clock. Fix @return in benchmark.h and x509_ca.h | lloyd | 2008-11-25 | 1 | -1/+1
|
* Make X509_Store::CRL_Info public for IBM XLC 0.9 for Cell | lloyd | 2008-11-24 | 1 | -10/+14
|
* Remove pk_lookup - half of it (look_pk.{cpp,h}) depended on libstate directly, | lloyd | 2008-11-11 | 1 | -1/+0
| the other half was relied upon by pubkey. Move the contents into those two modules. Update deps.
* Remove lookup.h use from DLIES, PK key agreement, DSA param gen, get_enc.cpp | lloyd | 2008-11-11 | 2 | -4/+3
|
* Split the last parts of the 'core' module | lloyd | 2008-11-08 | 3 | -3/+3
| Add some missing info.txts
* Wrap lines to 80 columns | lloyd | 2008-10-28 | 1 | -2/+2
|
* Add some Doxygen comments from InSiTo written for config.h (now gone/split up) | lloyd | 2008-10-13 | 1 | -5/+9
|