Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Ensure all files have copyright and license info. | lloyd | 2015-01-10 | 28 | -28/+28 |
| | | | | | Update license header line to specify the terms and refer to the file, neither of which it included before. | ||||
* | If no certificate stores at all are available skip OCSP checks | lloyd | 2015-01-04 | 1 | -5/+7 |
| | |||||
* | Fix a couple things pointed out by VC++ warnings. | lloyd | 2014-12-22 | 1 | -4/+3 |
| | |||||
* | On Windows fs::path::native() is a u16 string | lloyd | 2014-11-22 | 1 | -1/+1 |
| | |||||
* | Remove unused includes | lloyd | 2014-11-18 | 2 | -2/+0 |
| | |||||
* | Various small fixes and cleanups, new is_prime util | lloyd | 2014-11-03 | 2 | -1/+3 |
| | |||||
* | Fix various warnings from VC++ 2014 and add missing include | lloyd | 2014-10-31 | 2 | -5/+5 |
| | |||||
* | Add default constructors to work around VC2013 issue. Github #17 | lloyd | 2014-05-01 | 1 | -0/+2 |
| | |||||
* | Better TLS checks | lloyd | 2014-04-10 | 1 | -1/+2 |
| | |||||
* | Make X.509 extension decoding failures point back to the problem extension | lloyd | 2014-04-05 | 2 | -10/+17 |
| | |||||
* | X.509 path validation now performs all possible tests and returns a | lloyd | 2014-04-05 | 4 | -137/+153 |
| | | | | | | set of error codes, instead of failing immediately on first error. This prevents a 'weak' error like an expired certificate from hiding a major error such as signature validation failure or hard revocation. | ||||
* | Fix an OCSP response decoding bug, we were not decoding KeyID properly. | lloyd | 2014-04-05 | 1 | -4/+5 |
| | | | | | | | | Also prioritize checking the status code before the dates, as otherwise an attacker could substitue a valid but expired response which marked the cert as revoked and we would still just return OCSP_EXPIRED. Obviously they can still play this game with an old (valid) OCSP response, but no point making it easy. | ||||
* | Don't assume the leading cert chain is presented in-order | lloyd | 2014-02-16 | 1 | -5/+17 |
| | |||||
* | Fix macro feature check | lloyd | 2014-02-15 | 1 | -1/+1 |
| | |||||
* | Check the feature macro before assuming boost.filesystem | lloyd | 2014-02-10 | 1 | -0/+7 |
| | |||||
* | Fix a bug introduced in 1.11.6 where we tried to check CRL signatures | lloyd | 2014-02-08 | 4 | -13/+13 |
| | | | | | | against the wrong key, causing any check to fail. Clean up the NIST X.509 path validation tests and run them by default. | ||||
* | Guess I won't be needing these | lloyd | 2014-01-18 | 8 | -8/+0 |
| | |||||
* | Split up docs into the reference manual, the website, and everything else. | lloyd | 2014-01-10 | 1 | -0/+1 |
| | | | | | | | | | | | Add `website` target to makefile. Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options. Remove boost_thread dependency in command line tool | ||||
* | Move lib into src | lloyd | 2014-01-10 | 29 | -0/+5369 |