| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
It's not so obvious to a user at which end of the chain
the end entity certificate must be placed.
|
| |
|
|
|
|
|
| |
Effectively disables 1024 bit RSA as well as SHA-1.
Edit the tests where required to enable it again.
|
|
|
|
| |
Little easier to read perhaps, and helps prevent some astyle confusion.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Primarily doc updates but also expose some more logic in PKIX namespace,
overall_status and merge_revocation_status. This allows calling more or less all
of the logic used by the monolitic x509_path_validate in any way needed by an
application.
Add Certificate_Store_In_Memory::add_crl variant taking shared_ptr
Add optional Certificate_Store_In_Memory* pointer to check_crl_online,
valid CRLs are saved there.
|
| |
|
|
|
|
|
|
|
|
|
| |
Splits path building, path validation, CRL checks, and OCSP checks
into distinct functions in namespace PKIX. The previous path validation
APIs remain.
Fixes to OCSP to store more information and to handle modern OCSP setups
in at least some situations.
|
|
The `cert` dir was just an artifact of having previously supported
CVC (smartcard cert format), removed a long time ago.
The pem and pbes2 code is directly related to the pubkey code,
in fact the only caller of pbes2 (likely anywhere, not just
in the library) is in pkcs8.cpp
|