path: root/src/cert
Commit message (Author, Age, Files, Lines)
* Kill off the quite vestigial pubkey_enums header. Move most of the code to key_constraints.{h,cpp} in cert/x509.
  Move the X509_Encoding enum to x509_key.h
  Constify argument to X509_Object::check_signature, accidental omission
  (lloyd, 2012-03-28, 8 files, -9/+137)
* Pass a class to the validation function that represents any restrictions on the validation process. Currently these are if revocation information (CRL or hypothetically OCSP) is required, and what hashes to trust. Default trusted hashes are SHA-1 and SHA-2. This will also be used for policy restrictions, likely other things. The result enum is now a member of Path_Validation_Result
  Remove the usage restrictions enum. It is easier, for applications that actually care about one of these, to just check the extended constraint attribute on the final result, if everything else validates.
  (lloyd, 2012-03-28, 2 files, -73/+170)
* All of the X509 modules were actually mutually dependent. Ideally this would be fixed but it's quite hard to do, makes more sense for now to merge them back into one big x509 blob.
  (lloyd, 2012-02-06, 28 files, -79/+72)
* Fully working path validation. Even fixes the cases in PKITS where we got the answer wrong before. Still no policy or name constraints support, though.
  (lloyd, 2012-02-06, 11 files, -60/+299)
* propagate from branch 'net.randombit.botan' (head 78a772f3855abc89c3eed2fe8735e8438463399c) to branch 'net.randombit.botan.x509-path-validation' (head 9e678a8bc141087439a1238783006e9892a98450)
  (lloyd, 2012-02-03, 5 files, -791/+129)
| * propagate from branch 'net.randombit.botan' (head 8efb138f9a7c0b02429372a9c4e4f6614c5a6b87) to branch 'net.randombit.botan.x509-path-validation' (head af3daa43e17054ae367c02de09f77ab9e5f8136f)
    (lloyd, 2011-04-22, 5 files, -791/+129)
| | * Some changes circa Feb 22
      (lloyd, 2011-04-22, 2 files, -708/+46)
| | * propagate from branch 'net.randombit.botan' (head 8453f801979d78b448a2aff80d2042715a42e843) to branch 'net.randombit.botan.x509-path-validation' (head 084e8139f4b131b5aab6b6359e59324d7681488f)
      (lloyd, 2011-02-22, 1 file, -12/+12)
| | * \ propagate from branch 'net.randombit.botan' (head a4ea4629f9caa98bd72b87de6050d9e52190d09a) to branch 'net.randombit.botan.x509-path-validation' (head 6217561bf05ef77a49ab2ebe39f16bf7133a005a)
      (lloyd, 2011-02-14, 21 files, -80/+206)
| | * | | New branch for splitting up path validation vs certificate storage
      (lloyd, 2010-11-01, 3 files, -5/+5)
* | | | | Fix the very basic operations for encoding and decoding a certificate policies extension, though it's really not supported at all. Remove test code from secmem.h
  Fix building the examples
  (lloyd, 2011-05-17, 1 file, -5/+10)
* | | | | Add back BigInt::to_u32bit
  Fix BigInt::get_substring when length is equal to 32 - an overflow would cause the mask to be equal to 0 thus producing nothing at all. Disable CVC by default, it's not ready for prime time in any sense.
  (lloyd, 2011-05-10, 1 file, -1/+1)
* | | | ECC private keys had two different constructors, one taking a group and a random number generator, and the other taking a group and a preset private key value. The DL private keys instead have one constructor for this; if the x value is zero, then a new random key is created. For consistency, do this with ECC as well. ECDH actually didn't have one of these constructors, forcing you to either load from PKCS #8 or else use a random key. Rename EC_Domain_Params to EC_Group, with a typedef for compatibility. More doc updates. Update mtn ignores for Sphinx output
  (lloyd, 2011-04-08, 1 file, -1/+1)
* | | | In X509_Certificate::to_string, don't print key ids if empty
  Reduce size of serial numbers of new certs from 256 to 128 bits; 2**64 certs is _probably_ sufficient, given that it would take hundreds of exabytes of storage to hold that many certificates. :)
  (lloyd, 2011-04-06, 2 files, -3/+7)
* | | | Fix variable mask warning in Sun C++.
  Make comment clearer on how to enable stlport4 in Sun C++
  (lloyd, 2011-03-01, 1 file, -4/+4)
* | | Use size_t rather than u32bit for loop variables
  (lloyd, 2011-02-16, 1 file, -12/+12)
* | Some dependency fixes
  (lloyd, 2011-02-11, 2 files, -1/+3)
* | Remove inclusions of unused headers.
  Avoid using auto_ptr in the CVC headers.
  (lloyd, 2011-02-10, 2 files, -7/+7)
* | Pull out variable, causes link problems in amalgamation
  (lloyd, 2011-02-09, 2 files, -3/+3)
* | Convert the BER/DER coders to use size_t instead of u32bit for small integer values. Update callers.
  (lloyd, 2011-02-09, 11 files, -22/+26)
* | Some cleanups, and add an <ios> include for Sun Studio 12
  (lloyd, 2011-02-09, 2 files, -40/+47)
* | Fix some VC warnings under 64 bit compiles
  (lloyd, 2010-12-13, 2 files, -6/+6)
* | Make the random serial numbers 256 bits to ensure they will never collide. One might, theoretically, generate 2^64 certificates with a single CA (say, for each particle in a planet wide cloud of smart dust), but 2^128 does not seem possible.
  (lloyd, 2010-11-29, 1 file, -1/+1)
* | Add X509_Certificate::to_string
  The x509info example now just calls that
  (lloyd, 2010-11-29, 2 files, -2/+110)
* | Overflow warning in MSVC
  (lloyd, 2010-11-29, 1 file, -1/+2)
* | Add a BOTAN_DEPRECATED macro which can provide compile-time deprecation warnings (at least for GCC and VC++). Use in some places.
  (lloyd, 2010-11-02, 1 file, -0/+1)
* | Doxygen updates.
  Remove version of search_map that returns two distinguishing results; only used in one place, and that can be replaced by a call to count()
  (lloyd, 2010-11-02, 1 file, -0/+3)
* s/u32bit/size_t/
  (lloyd, 2010-10-29, 1 file, -2/+2)
* s/u32bit/size_t/
  (lloyd, 2010-10-18, 4 files, -38/+38)
* Split some of the ASN.1 types into their own headers
  (lloyd, 2010-10-13, 2 files, -0/+2)
* Use output_length() instead of OUTPUT_LENGTH pseudo-property
  (lloyd, 2010-10-13, 1 file, -1/+1)
* Fix CRL reason codes and updating of CRLs. Add tests for both cases.
  (lloyd, 2010-10-07, 4 files, -42/+7)
* Forward port CRL fixes from rev 7bb2001cd554a1acc3d345914ea710ff0e1d3a6b
  (lloyd, 2010-10-07, 1 file, -7/+12)
* Add dependencies
  (lloyd, 2010-09-24, 7 files, -0/+31)
* Add info.txt file
  (lloyd, 2010-09-21, 1 file, -0/+1)
* Remove searching with an arbitrary predicate from X509_Store
  (lloyd, 2010-09-20, 4 files, -197/+0)
* Move certificate store to its own dir
  (lloyd, 2010-09-20, 3 files, -0/+1)
* Add missing info files
  (lloyd, 2010-09-20, 5 files, -0/+6)
* Add CRL storage possibilities
  (lloyd, 2010-09-20, 3 files, -17/+93)
* Hide X509_Store::check_sig
  (lloyd, 2010-09-20, 1 file, -2/+2)
* Add a (clunky) function X509_Object::hash_used_for_signature that returns the hash function that was used to create the signature. Useful for a future X509 path validator that informs the user which hash(es) they are relying on and/or allowing the ability to reject hashes which are undesirable (MD2, MD5, etc)
  (lloyd, 2010-09-20, 2 files, -0/+26)
* Don't use SecureVector to store certificate data; mlock'ed memory in particular is precious. Really these could probably just as easily be std::vectors since even zeroizing the memory isn't relevant here.
  (lloyd, 2010-09-17, 3 files, -8/+8)
* Define a simpler Certificate_Store interface which should be much easier to implement without requiring in-memory linear searching (eg a flatfile store or SQL database with indexes).
  (lloyd, 2010-09-17, 3 files, -45/+56)
* Hide X509_Object constructor
  (lloyd, 2010-09-17, 1 file, -11/+11)
* Remove dependencies on X509_Store
  (lloyd, 2010-09-17, 4 files, -12/+23)
* Split up src/cert/x509 into a set of modules, though mostly mutually dependent right now.
  (lloyd, 2010-09-17, 26 files, -47/+0)
* Update all uses of MemoryRegion::append to use either push_back or operator+=
  (lloyd, 2010-09-15, 6 files, -22/+20)
* Remove more uses of vector to pointer implicit conversions
  (lloyd, 2010-09-13, 1 file, -1/+1)
* Anywhere where we use MemoryRegion::begin to get access to the raw pointer representation (rather than in an iterator context), instead use &buf[0], which works for both MemoryRegion and std::vector
  (lloyd, 2010-09-13, 1 file, -7/+5)
* Make round_up and round_down templates instead of fixed to use u32bits
  (lloyd, 2010-06-29, 1 file, -1/+1)