aboutsummaryrefslogtreecommitdiffstats
path: root/src/cert
Commit message (Collapse)AuthorAgeFilesLines
* Make Boost easier to disable with minimal feature losslloyd2013-12-281-1/+0
|
* Make it possible to remove Boost dependency by disabling a few moduleslloyd2013-12-141-0/+4
| | | | (though including X.509 and TLS).
* First pass at automatic OCSP checkslloyd2013-11-296-58/+108
|
* Move OCSP to x509 subdir as they are quite entangledlloyd2013-11-296-8/+1
|
* Split chain creation and checkinglloyd2013-11-292-87/+104
|
* Have OCSP responses return an enum allowing a range of conditions to be ↵lloyd2013-11-2910-301/+359
| | | | | | | | | | expressed (good status, cert revoked, some other error, etc). Add a certificate store backed by files (requiring boost filesystem). Change Certificate_Store interface somewhat to support retrieval without copying.
* Add OCSP::online_check which queries the certs responderlloyd2013-11-283-3/+42
|
* Don't reject a signature using an untrusted hash if it is the selflloyd2013-11-281-1/+1
| | | | signature of a root cert
* Print OCSP and CRL locations in X509_Certificate::to_stringlloyd2013-11-281-0/+5
|
* Give everything setting a feature test macro in build.h a version codelloyd2013-11-283-3/+3
| | | | | | so application code can check for the specific API it expects without having to keep track of what versions APIs x,y,z changed. Arbitrarily set all current API versions to 20131128.
* Change Credentials_Manager::trusted_certificate_authorities to returnlloyd2012-11-132-25/+39
| | | | | | | | | a list of Certificate_Stores instead of a list of actual certs, allowing for instance the ability to reference a DB cert store without actually pulling all the certs into memory. Add Certificate_Store::all_subjects which returns the DNs of all contained certificates.
* Rename asn1_int to asn1_obj as it actually declares ASN1_Objectlloyd2012-11-062-2/+2
|
* Split asn1_obj.h into asn1_alt_name.h, asn1_attribute.h, andlloyd2012-11-068-3/+56
| | | | asn1_time.h
* Fix various issues flagged by cppcheck. Nothing too interesting.lloyd2012-08-134-5/+5
|
* Add Public_Key::estimated_strength which gives an approximation of howlloyd2012-07-272-13/+33
| | | | | | | hard that key is to break. Use it in cert path validation, rejecting keys with estimated strength less than 80 bits.
* Avoid unused argument warninglloyd2012-06-261-1/+1
|
* Fix X509_Certificate::operator<. It was comparing by calling to_stringlloyd2012-06-142-6/+28
| | | | | | | | | | on each and comparing that. However that is very expensive (lots of formatting) and doesn't even work that well because to_string skips over a lot of information. Instead, compare the tbs bits directly which is both much faster and more accurate. Add a new X509_Certificate::fingerprint which returns a fingerprint compatible at least with what OpenSSL does.
* Add support (decoding only) for the CRL Distribution Point extension.lloyd2012-06-134-30/+98
|
* Update what() signature on exception typeslloyd2012-06-121-1/+1
|
* Update cms, cvc, zlib, bzip2, openssl, and gnump modules for the newlloyd2012-06-0714-66/+66
| | | | | | | | allocator interface. The compression filters now just use malloc/free with a memset. Add a new info.txt field <warning>, like comment but warns. Use for CMS which is pretty broken (doesn't even compile anymore), and for TLS.
* Drop some deprecated functionslloyd2012-06-012-20/+0
|
* Support for the authority information access extension, limited tolloyd2012-05-274-1/+84
| | | | | | only grabbing type 6 (URL) values for OCSP which is likely the only thing it's ever used for. Expose the value with new function X509_Certificate::ocsp_responder
* Add an X509_Certificate::allowed_usage for extended constraints.lloyd2012-05-273-51/+54
| | | | | | Check that whatever certificate we got is allowed to sign OCSP responses. Add another helper function BER_Decoder to try to handle the ASN.1 mess.
* Signature verification on OCSP responses. Still needs a bit of APIlloyd2012-05-274-18/+89
| | | | reworking I think, and a lot more testing, but it seems functional.
* Derive X509_Object from ASN1_Object.lloyd2012-05-276-24/+46
| | | | | | | | In the path validator, pass singlular Certificate_Store args as const reference and const_cast them. It's not ideal but it seems to lead to the cleanest external API. Treat all v1 X.509 certs as implicit CAs.
* Initial ability to check the results.lloyd2012-05-273-26/+34
|
* Very preliminary and fairly nasty OCSP support. Client side only. Canlloyd2012-05-275-0/+408
| | | | | generate requests and parse replies, does not verify signatures or so most anything else useful yet.
* Have BER_Deocder::decode_list actually start the SEQUENCE. All callerslloyd2012-05-271-8/+2
| | | | | | | | | | | | did it and it would be silly for it not to. Update the two existing callers, who were both doing start_cons().decode_list().end_cons() to just call decode_list(). Add BER_Decoder::get_next so we can get arbitrarily weird types without having to break message chains. Add dummy tag arguments to the ASN1_Object decoder so it can be used from decode_optional.
* Remove the PRIVATE ASN.1 tag. Not being used outside of the prettylloyd2012-05-271-1/+1
| | | | | | | | | | | | | | printer example, and really is just CONSTRUCTED | CONTEXT_SPECIFIC. Extend the ASN.1 printer to recurse into OCTET STRINGS that contain DER, and to print enumeration values. BOTAN_DLL export some OID operators (+, !=, <) Add an OID entry for 1.3.6.1.5.5.7.48.1.1 OCSP basic response. Correct the Certificate_Policies code, it was dumping policy OIDs into the extended key usage!
* Several new hooks in X509_Certificate to get raw (from the certlloyd2012-05-272-9/+39
| | | | binary) values which we need for OCSP.
* Some post merge fixups.lloyd2012-05-255-15/+9
| | | | | Fix some bugs that triggered if DEFAULT_BUFFERSIZE was either too small or an odd size.
* propagate from branch 'net.randombit.botan.x509-path-validation' (head ↵lloyd2012-05-2536-425/+477
|\ | | | | | | | | | | 63b5a20eab129ca13287fda33d2d02eec329708f) to branch 'net.randombit.botan' (head 8b8150f09c55184f028f2929c4e7f7cd0d46d96e)
| * Replace 0 and NULL pointer constants with nullptr. Also fix an oldlloyd2012-05-182-2/+2
| | | | | | | | style cast in secmem.h
| * Fairly huge update that replaces the old secmem types with std::vectorlloyd2012-05-1832-239/+291
| | | | | | | | | | | | using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
| * propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵lloyd2012-04-252-3/+19
| |\ | | | | | | | | | | | | | | | a4741cd07f50a9e1b29b0dd97c6fb8697c038ade) to branch 'net.randombit.botan.cxx11' (head 116e5ff139c07000be431e07d3472cc8f3919b91)
| | * propagate from branch 'net.randombit.botan' (head ↵lloyd2012-04-242-0/+74
| | |\ | | | | | | | | | | | | | | | | | | | | 494c5d548ce3f370c2b771ca6b11e5f41e720da2) to branch 'net.randombit.botan.tls-state-machine' (head b2cd26ff6f093caa79aecb2d674205f45b6aadff)
| | | * Add very basic wildcarding in X509_Certificate::matches_dns_namelloyd2012-04-181-2/+18
| | | |
| | * | Fix various typos, and remove an unused macro in checks/bench.cpplloyd2012-04-231-1/+1
| | | | | | | | | | | | | | | | All reported by Patrick Pelletier.
| * | | Remove get_nanoseconds_clock as we'll rely on std::chrono's highlloyd2012-02-202-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | resolution clock for this in C++11. Now that the only remaining function in time.h is calendar_point, rename the header to calendar.h. Hopefully that last use will go away once a TR2 datetime library becomes available. Use std::chrono inside the library benchmark code.
| * | | propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵lloyd2012-02-2015-214/+145
| |\ \ \ | | |_|/ | |/| | | | | | | | | | | | | | 0ceb9cde62a2b3614901ae85a53546d9fc641326) to branch 'net.randombit.botan.cxx11' (head 777e65950ef3706a82e5df20dcca7fcc999ca533)
| | * | Fixes for GCC 4.7.0 (r183974)lloyd2012-02-071-1/+1
| | | |
| | * | propagate from branch 'net.randombit.botan' (head ↵lloyd2011-06-1314-213/+144
| | |\ \ | | | |/ | | |/| | | | | | | | | | | | | 150bd11dd8090559ee1e83394b8283bf93a018de) to branch 'net.randombit.botan.c++0x' (head 7480693bb3f1e8a4e039a3e7ba3d9a7007f9730e)
| | | * propagate from branch 'net.randombit.botan' (head ↵lloyd2011-03-083-9/+11
| | | |\ | | | | | | | | | | | | | | | | | | | | | | | | | dd068808e5bf87c982765a8bcc314996053a5bdd) to branch 'net.randombit.botan.c++0x' (head 34696d52a8148d64f7021b3e193fc56f051b9dd2)
| | | * | Merge fixupslloyd2011-02-113-80/+7
| | | | |
| | | * | propagate from branch 'net.randombit.botan' (head ↵lloyd2011-02-1114-170/+174
| | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 13a0d36dac3709f3cb88e830ed7f8cab9e7433ab) to branch 'net.randombit.botan.c++0x' (head 2221ad8796466e7e096645de77ba856a9c902d14)
| | | | * \ propagate from branch 'net.randombit.botan' (head ↵lloyd2010-11-294-3/+112
| | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fc8daa606ab7954eab48778d7236986747b719e4) to branch 'net.randombit.botan.c++0x' (head 2bf71b0a2e0e468d7eb3631e4ca284234f554729)
| | | | * \ \ propagate from branch 'net.randombit.botan' (head ↵lloyd2010-11-0415-212/+155
| | | | |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 303b2518a80553214b1e5ab4d9b96ef54629cbc7) to branch 'net.randombit.botan.c++0x' (head d734eefabe4816be4dd3e3e6e7bb13b7ab5be148)
| | | | | * \ \ propagate from branch 'net.randombit.botan' (head ↵lloyd2010-10-284-39/+38
| | | | | |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2841fb518e20d2fe0a374e4f6b08bdbb14d5d158) to branch 'net.randombit.botan.c++0x' (head 0b9275139d6346bd3aa28d63bf8b8a03851d853d)
| | | | | * \ \ \ propagate from branch 'net.randombit.botan' (head ↵lloyd2010-10-132-0/+2
| | | | | |\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 6581b789d58717bc6acee5c6a248e2d44c636e40) to branch 'net.randombit.botan.c++0x' (head 227a989ae94da8f4379ea4b9b0fc0ee8dbdde0c7)
| | | | | * \ \ \ \ propagate from branch 'net.randombit.botan' (head ↵lloyd2010-10-1315-212/+156
| | | | | |\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2898d79f992f27a328a3e41d34b46eb1052da0de) to branch 'net.randombit.botan.c++0x' (head 6cba76268fd69a73195760c021b7f881b8a6552c)