path: root/src/lib/x509/ocsp.cpp
Commit message | Author | Age | Files | Lines
* Make exceptions easier to translate to error codes | Jack Lloyd | 2018-11-23 | 1 | -1/+4
  Avoid throwing base Botan::Exception type, as it is difficult to determine what the error is in that case. Add Exception::error_code and Exception::error_type which allows (for error code) more information about the error and (for error type) allows knowing the error type without requiring a sequence of catches. See GH #1742
* DER improvements | Jack Lloyd | 2018-05-22 | 1 | -2/+5
  Let DER_Encoder write to a user specified vector instead of only to an internal vector. This allows encoding to a std::vector without having to first write to a locked vector and then copying out the result. Add ASN1_Object::BER_encode convenience method. Replaces X509_Object::BER_encode which had the same logic but was restricted to a subtype. This replaces many cases where DER_Encoder was just used to encode a single object (X509_DN, AlgorithmIdentifier, etc).
* OCSP softfail revocation check | Mathieu Souchaud | 2018-03-01 | 1 | -0/+16
* Prepare for making BER_Object members private | Jack Lloyd | 2018-01-18 | 1 | -3/+3
  Now there are usable accessors that allow the library to avoid using BER_Object members directly.
* Add accessors to ASN1_Attribute and AlgorithmIdentifier | Jack Lloyd | 2017-12-19 | 1 | -1/+1
* Expose timeouts on the freestanding OCSP request utils | Jack Lloyd | 2017-12-17 | 1 | -4/+9
* More include header cleanups | Jack Lloyd | 2017-09-21 | 1 | -1/+0
* Header file cleanups | Jack Lloyd | 2017-09-21 | 1 | -0/+1
  Some help from include-what-you-use
* Allow OCSP requests without the full subject certificate | Nuno Goncalves | 2017-03-04 | 1 | -9/+28
  An OCSP request doesn't need the full subject certificate. This extends the API to require instead of the subject certificate:
    * OCSP::Request: subject serial.
    * OCSP::online_check: subject serial AND ocsp responder url.
  API breaking change:
    * removal of OCSP::Request::subject() as OCSP::Request doesn't need to hold the certificate, but only the serial.
  Signed-off-by: Nuno Goncalves <[email protected]>
* Convert to using standard uintN_t integer types | Jack Lloyd | 2016-12-18 | 1 | -2/+2
  Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add OCSP stapling support to TLS client | Jack Lloyd | 2016-11-26 | 1 | -3/+7
* Add some simple OCSP tests | Jack Lloyd | 2016-11-23 | 1 | -0/+2
  Nothing much but better than nothing. Also add a useful arg check to OCSP::Request constructor.
* Consult the response for matching certs also, fixes Symantec OCSP | Jack Lloyd | 2016-11-23 | 1 | -2/+20
* Refactor X.509 path validation | Jack Lloyd | 2016-11-23 | 1 | -86/+122
  Splits path building, path validation, CRL checks, and OCSP checks into distinct functions in namespace PKIX. The previous path validation APIs remain. Fixes to OCSP to store more information and to handle modern OCSP setups in at least some situations.
* Move cert/x509 to top level and pem and pbes2 to pubkey. | Jack Lloyd | 2016-11-03 | 1 | -0/+251
  The `cert` dir was just an artifact of having previously supported CVC (smartcard cert format), removed a long time ago. The pem and pbes2 code is directly related to the pubkey code, in fact the only caller of pbes2 (likely anywhere, not just in the library) is in pkcs8.cpp