aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/x509/x509self.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Fix clang-tidy performance warningsJack Lloyd2022-02-061-2/+2
|
* Change arg type of Extensions::{add, add_new, replace}Jack Lloyd2021-04-031-11/+11
|
* Don't use shouting case for ASN1_{Type,Class} valuesJack Lloyd2021-01-131-1/+1
| | | | | Leftover from it being an old style enum, and now that we have split them there is not any further compatability concern.
* Split ASN1 tags enum class into 2 enum classessledgehammer_9992021-01-111-1/+1
| | | | This should improve type safety even more.
* Convert ASN1_Tag to an enum classJack Lloyd2020-12-201-1/+1
|
* Merge X.509 header filesJack Lloyd2020-10-311-0/+1
|
* Reduce usage of oids.h with the addition of some helpers on OIDJack Lloyd2019-08-041-2/+1
|
* Deprecate and replace OIDS::lookupJack Lloyd2019-08-041-1/+1
|
* Update GOST to use 2012 OIDs/paramsJack Lloyd2019-08-031-0/+1
|
* functionality to support multiple OUs, missing unit tests on more_dnsndotb2019-05-071-0/+4
|
* Truncate new SKIDs to 192 bitsJack Lloyd2018-04-161-6/+3
| | | | | More than long enough, and saves quite a bit of space especially for SHA-512 certificates.
* Support multiple DNS names through the command line interfaceJack Lloyd2018-03-191-0/+3
|
* Include AKID in generated self signed certificatesJack Lloyd2018-03-061-3/+10
| | | | GH #1007
* Allow applications to easily override extensions in cert requestsJack Lloyd2018-01-231-61/+19
| | | | | | | | | | | | | Refactor the code so it's possible to create a cert request without going through x509self.h (PKCS10_Request::create). Add Extensions::add_new, so we can add an extension to a PKCS10 request without stomping on one already included by the application. Refactor the X509 unit tests to avoid (some) duplicated key creations. Just create a key once at the start and use it for all of the tests. GH #1428
* Enable signing X509 structures with rsa-pssFabian Weissberg2017-12-221-3/+8
|
* Fix encoding of subject key identifierJack Lloyd2017-11-161-1/+1
| | | | | | Changed in #884 - we were copying the entire public key as the public key id. Instead hash it with whatever hash we are using to sign the certificate.
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-181-3/+3
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Allow custom extensions in X509_Cert_OptionsRené Korthaus2016-12-021-2/+2
| | | | | Allow custom extensions in CA-signed cert requests Add templated getter for extensions
* Pubkey cleanupsJack Lloyd2016-11-121-0/+1
| | | | | | | | | | Add Public_Key::key_length usable for policy checking (as in TLS::Policy::check_peer_key_acceptable) Remove Public_Key::max_input_bits because it didn't make much sense for most algorithms actually. Remove message_parts and message_part_size from PK_Ops
* Move cert/x509 to top level and pem and pbes2 to pubkey.Jack Lloyd2016-11-031-0/+176
The `cert` dir was just an artifact of having previously supported CVC (smartcard cert format), removed a long time ago. The pem and pbes2 code is directly related to the pubkey code, in fact the only caller of pbes2 (likely anywhere, not just in the library) is in pkcs8.cpp