aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/cert
Commit message (Collapse)AuthorAgeFilesLines
* Remove algo factory, engines, global RNG, global state, etc.lloyd2015-02-046-12/+21
| | | | | | | | | | | | | | | Convert all uses of Algorithm_Factory and the engines to using Algo_Registry The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops. Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatability stub. Update seeding for blinding so only one hacky almost-global RNG instance needs to be setup instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).
* Ensure all files have copyright and license info.lloyd2015-01-1045-51/+51
| | | | | Update license header line to specify the terms and refer to the file, neither of which it included before.
* If no certificate stores at all are available skip OCSP checkslloyd2015-01-041-5/+7
|
* Fix a couple things pointed out by VC++ warnings.lloyd2014-12-221-4/+3
|
* On Windows fs::path::native() is a u16 stringlloyd2014-11-221-1/+1
|
* Remove unused includeslloyd2014-11-182-2/+0
|
* Various small fixes and cleanups, new is_prime utillloyd2014-11-032-1/+3
|
* Fix various warnings from VC++ 2014 and add missing includelloyd2014-10-312-5/+5
|
* Add default constructors to work around VC2013 issue. Github #17lloyd2014-05-011-0/+2
|
* Better TLS checkslloyd2014-04-101-1/+2
|
* Make X.509 extension decoding failures point back to the problem extensionlloyd2014-04-052-10/+17
|
* X.509 path validation now performs all possible tests and returns alloyd2014-04-054-137/+153
| | | | | | set of error codes, instead of failing immediately on first error. This prevents a 'weak' error like an expired certificate from hiding a major error such as signature validation failure or hard revocation.
* Fix an OCSP response decoding bug, we were not decoding KeyID properly.lloyd2014-04-051-4/+5
| | | | | | | | Also prioritize checking the status code before the dates, as otherwise an attacker could substitue a valid but expired response which marked the cert as revoked and we would still just return OCSP_EXPIRED. Obviously they can still play this game with an old (valid) OCSP response, but no point making it easy.
* Don't assume the leading cert chain is presented in-orderlloyd2014-02-161-5/+17
|
* Add missing std includeslloyd2014-02-161-0/+1
|
* Fix macro feature checklloyd2014-02-151-1/+1
|
* Check the feature macro before assuming boost.filesystemlloyd2014-02-101-0/+7
|
* Fix a bug introduced in 1.11.6 where we tried to check CRL signatureslloyd2014-02-084-13/+13
| | | | | | against the wrong key, causing any check to fail. Clean up the NIST X.509 path validation tests and run them by default.
* Guess I won't be needing theselloyd2014-01-1810-10/+0
|
* Split up docs into the reference manual, the website, and everything else.lloyd2014-01-101-0/+1
| | | | | | | | | | | Add `website` target to makefile. Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options. Remove boost_thread dependency in command line tool
* Move lib into srclloyd2014-01-1047-0/+7708