| Commit message | Author | Age | Files | Lines |
It is not a general purpose util or something we want applications to use.
It is only used by x509 and hopefully will be removed from there soon enough.

Effectively disables 1024 bit RSA as well as SHA-1.
Edit the tests where required to enable it again.

Little easier to read perhaps, and helps prevent some astyle confusion.

Renames a couple of functions for somewhat better name consistency,
e.g. make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.

Allow custom extensions in CA-signed cert requests
Add templated getter for extensions

Create empty CRLs so that revocation information is available.

Primarily doc updates but also expose some more logic in PKIX namespace,
overall_status and merge_revocation_status. This allows calling more or less all
of the logic used by the monolithic x509_path_validate in any way needed by an
application.
Add Certificate_Store_In_Memory::add_crl variant taking shared_ptr
Add optional Certificate_Store_In_Memory* pointer to check_crl_online,
valid CRLs are saved there.

Tests touching network are gated by --run-online-tests flag.

Nothing much but better than nothing.
Also add a useful arg check to OCSP::Request constructor.

Splits path building, path validation, CRL checks, and OCSP checks
into distinct functions in namespace PKIX. The previous path validation
APIs remain.
Fixes to OCSP to store more information and to handle modern OCSP setups
in at least some situations.

Using the SHA-1 of the public key to identify the signing cert is
hardcoded in OCSP and unlikely to change.

Add a to_string function for this type.

Add some try/catch blocks to the X.509 tests, and use create_private_key API

Add Public_Key::key_length usable for policy checking (as in
TLS::Policy::check_peer_key_acceptable)
Remove Public_Key::max_input_bits because it didn't make much sense
for most algorithms actually.
Remove message_parts and message_part_size from PK_Ops

OID map is now generated from an input file on an as needed basis.
Just uses a sequence of ifs - simple, fast, and small code size.
Merges oid_lookup sub-module which was already required by asn1 anyway,
so completely non-optional.
Removes @neusdan's nice OID tests since without any runtime adds the
tests are moot.

The `cert` dir was just an artifact of having previously supported
CVC (smartcard cert format), removed a long time ago.
The pem and pbes2 code is directly related to the pubkey code,
in fact the only caller of pbes2 (likely anywhere, not just
in the library) is in pkcs8.cpp