aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/cert/x509
Commit message (Collapse)AuthorAgeFilesLines
* Ensure all files have copyright and license info.lloyd2015-01-1028-28/+28
| | | | | Update license header line to specify the terms and refer to the file, neither of which it included before.
* If no certificate stores at all are available skip OCSP checkslloyd2015-01-041-5/+7
|
* Fix a couple things pointed out by VC++ warnings.lloyd2014-12-221-4/+3
|
* On Windows fs::path::native() is a u16 stringlloyd2014-11-221-1/+1
|
* Remove unused includeslloyd2014-11-182-2/+0
|
* Various small fixes and cleanups, new is_prime utillloyd2014-11-032-1/+3
|
* Fix various warnings from VC++ 2014 and add missing includelloyd2014-10-312-5/+5
|
* Add default constructors to work around VC2013 issue. Github #17lloyd2014-05-011-0/+2
|
* Better TLS checkslloyd2014-04-101-1/+2
|
* Make X.509 extension decoding failures point back to the problem extensionlloyd2014-04-052-10/+17
|
* X.509 path validation now performs all possible tests and returns alloyd2014-04-054-137/+153
| | | | | | set of error codes, instead of failing immediately on first error. This prevents a 'weak' error like an expired certificate from hiding a major error such as signature validation failure or hard revocation.
* Fix an OCSP response decoding bug, we were not decoding KeyID properly.lloyd2014-04-051-4/+5
| | | | | | | | Also prioritize checking the status code before the dates, as otherwise an attacker could substitue a valid but expired response which marked the cert as revoked and we would still just return OCSP_EXPIRED. Obviously they can still play this game with an old (valid) OCSP response, but no point making it easy.
* Don't assume the leading cert chain is presented in-orderlloyd2014-02-161-5/+17
|
* Fix macro feature checklloyd2014-02-151-1/+1
|
* Check the feature macro before assuming boost.filesystemlloyd2014-02-101-0/+7
|
* Fix a bug introduced in 1.11.6 where we tried to check CRL signatureslloyd2014-02-084-13/+13
| | | | | | against the wrong key, causing any check to fail. Clean up the NIST X.509 path validation tests and run them by default.
* Guess I won't be needing theselloyd2014-01-188-8/+0
|
* Split up docs into the reference manual, the website, and everything else.lloyd2014-01-101-0/+1
| | | | | | | | | | | Add `website` target to makefile. Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options. Remove boost_thread dependency in command line tool
* Move lib into srclloyd2014-01-1029-0/+5369