aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/cert
Commit message (Collapse)AuthorAgeFilesLines
* X.509 Name ConstraintsKai Michaelis2016-03-108-7/+626
|
* Fix remaining Wshadow warnings and enable on gcc and clangRené Korthaus2016-02-181-1/+1
|
* Merge GH #408 Add final attribute on many classesJack Lloyd2016-01-126-17/+17
|\
| * Add final attribute to many classesJack Lloyd2016-01-106-17/+17
| | | | | | | | | | | | | | In some cases this can offer better optimization, via devirtualization. And it lets the user know the class is not intended for derivation. Some discussion in GH #402
* | Prefix more member vars with m_ prefixRené Korthaus2016-01-112-85/+85
|/
* Mass-prefix member vars with m_René Korthaus2016-01-0825-271/+283
|
* String comparision fixesDaniel Neus2016-01-048-11/+11
| | | | fix PVS-Studio perfomance warnings
* some trivial compiler/PVS-Studio warning fixesDaniel Neus2015-12-222-2/+2
|
* Reroot the exception hierarchy into a toplevel Exception classJack Lloyd2015-12-115-16/+16
| | | | | | | | As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340) Effectively reverts 2837e915d82e43
* Update and consolidate the test framework.Jack Lloyd2015-11-111-1/+1
| | | | | | | | | | | The tests previously had used 4 to 6 different schemes internally (the vec file reader framework, Catch, the old InSiTo Boost.Test tests, the PK/BigInt tests which escaped the rewrite in 1.11.7, plus a number of one-offs). Converge on a design that works everywhere, and update all the things. Fix also a few bugs found by the test changes: SHA-512-256 name incorrect, OpenSSL RC4 name incorrect, signature of FFI function botan_pubkey_destroy was wrong.
* Add check for path validation result in Credentials_Manager. GH #324Jack Lloyd2015-11-042-1/+4
|
* Merge pull request #313 from randombit/path-validation-fixesJack Lloyd2015-10-267-96/+148
|\ | | | | Fix cert validation bugs found by x509test.
| * Fix cert validation bugs found by x509test.Jack Lloyd2015-10-237-96/+148
| | | | | | | | Add test suite with certs from x509test
* | Update doc for issuer_dn() and subject_dn()Simon Warta2015-10-202-8/+2
|/ | | | [ci skip]
* Export X.509 certificates to ffi and pythonJack Lloyd2015-10-011-0/+1
| | | | Missing path validation, probably other things
* Avoid concatination of charsSimon Warta2015-09-221-1/+1
| | | | | | | Ever tried? auto str = "some long string"; auto str2 = str + '\n'; It's not with the brainfuck finding the bug.
* Remove use of lookup.h in favor of new T::create API.Jack Lloyd2015-09-213-7/+8
|
* Sometimes we don't know the input format. But it is one of twoSimon Warta2015-08-113-6/+6
|
* Remove string constructor of X509_Time()Simon Warta2015-08-114-10/+10
| | | | | | | | | | | * Break down string representations to to_string() and readable_string() * Add m_ prefix to member variable names * Fix order of methods * Move comments Doxygen friendly to header * Make set_to() private (future subjejt of refectoring); People should use constructor Closes #185
* Remove unused pkcs8 includesSimon Warta2015-08-034-4/+0
| | | | Only botan-cli, botan-tests and the FFI module depend on PKCS8
* x509: Add missing overridesDaniel Seither2015-07-306-77/+90
|
* Fix typosSimon Warta2015-07-242-3/+3
| | | | Thanks to @vlajos https://github.com/vlajos/misspell_fixer
* Refactor internal/filesystem.hSimon Warta2015-07-161-2/+2
| | | | Closes #198
* Make Botan compile when only some modules are enabledSimon Warta2015-07-031-1/+0
| | | | Fixes #146.
* Fix module dependencies of x509 and pubkeySimon Warta2015-06-301-0/+2
|
* lib/cert: Convert &vec[0] to vec.data()Simon Warta2015-06-272-6/+10
|
* Fix code that triggers a strange MSVC 'performance warning'git2015-04-081-1/+1
| | | | Github pull 74 from Chris Desjardins
* Fix memory leak in TLS tests. Remove last few remaining uses of auto_ptr.lloyd2015-03-082-0/+7
|
* Hide all uses of boost filesystem in fs.cpp. Use readdir as anlloyd2015-02-212-22/+7
| | | | | alternate implementation for Unix and add some feature checks so a boost-free build of the tests and command line are possible again.
* Remove algo factory, engines, global RNG, global state, etc.lloyd2015-02-046-12/+21
| | | | | | | | | | | | | | | Convert all uses of Algorithm_Factory and the engines to using Algo_Registry The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops. Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatability stub. Update seeding for blinding so only one hacky almost-global RNG instance needs to be setup instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).
* Ensure all files have copyright and license info.lloyd2015-01-1045-51/+51
| | | | | Update license header line to specify the terms and refer to the file, neither of which it included before.
* If no certificate stores at all are available skip OCSP checkslloyd2015-01-041-5/+7
|
* Fix a couple things pointed out by VC++ warnings.lloyd2014-12-221-4/+3
|
* On Windows fs::path::native() is a u16 stringlloyd2014-11-221-1/+1
|
* Remove unused includeslloyd2014-11-182-2/+0
|
* Various small fixes and cleanups, new is_prime utillloyd2014-11-032-1/+3
|
* Fix various warnings from VC++ 2014 and add missing includelloyd2014-10-312-5/+5
|
* Add default constructors to work around VC2013 issue. Github #17lloyd2014-05-011-0/+2
|
* Better TLS checkslloyd2014-04-101-1/+2
|
* Make X.509 extension decoding failures point back to the problem extensionlloyd2014-04-052-10/+17
|
* X.509 path validation now performs all possible tests and returns alloyd2014-04-054-137/+153
| | | | | | set of error codes, instead of failing immediately on first error. This prevents a 'weak' error like an expired certificate from hiding a major error such as signature validation failure or hard revocation.
* Fix an OCSP response decoding bug, we were not decoding KeyID properly.lloyd2014-04-051-4/+5
| | | | | | | | Also prioritize checking the status code before the dates, as otherwise an attacker could substitue a valid but expired response which marked the cert as revoked and we would still just return OCSP_EXPIRED. Obviously they can still play this game with an old (valid) OCSP response, but no point making it easy.
* Don't assume the leading cert chain is presented in-orderlloyd2014-02-161-5/+17
|
* Add missing std includeslloyd2014-02-161-0/+1
|
* Fix macro feature checklloyd2014-02-151-1/+1
|
* Check the feature macro before assuming boost.filesystemlloyd2014-02-101-0/+7
|
* Fix a bug introduced in 1.11.6 where we tried to check CRL signatureslloyd2014-02-084-13/+13
| | | | | | against the wrong key, causing any check to fail. Clean up the NIST X.509 path validation tests and run them by default.
* Guess I won't be needing theselloyd2014-01-1810-10/+0
|
* Split up docs into the reference manual, the website, and everything else.lloyd2014-01-101-0/+1
| | | | | | | | | | | Add `website` target to makefile. Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options. Remove boost_thread dependency in command line tool
* Move lib into srclloyd2014-01-1047-0/+7708