path: root/src/lib/x509
Commit message | Author | Age | Files | Lines
* functionality to support multiple OUs, missing unit tests on more_dns | ndotb | 2019-05-07 | 2 | -0/+12
|
* use map of vectors instead of multimap in flatfile certstor | Tim Oesterreich | 2019-05-07 | 2 | -14/+13
|
* Fix some build/test problems with minimized builds | Jack Lloyd | 2019-04-26 | 1 | -0/+11
|
* Fix some Doxygen errors | Jack Lloyd | 2019-04-22 | 1 | -0/+1
|
* Check parsing of maps | Jack Lloyd | 2019-04-18 | 1 | -2/+1
|   Previous commit changed the parsing of <libs> and <frameworks> from being lists to maps. But this broke macOS certstore which defined frameworks on individual lines, causing only one to be used. Add a test that maps don't have duplicated entries, and fix the info.txt
* Add a wrapper class that wraps macOS or Linux certificate stores. | Jack Lloyd | 2019-04-13 | 7 | -9/+145
|
* consolidate into Flatfile_Certificate_Store | Patrick Schmidt | 2019-04-12 | 5 | -76/+26
|
* add Certstore for linux | Patrick Schmidt | 2019-04-12 | 3 | -0/+61
|
* add Flatfile_Certificate_Store | Patrick Schmidt | 2019-04-12 | 3 | -0/+232
|
* Support verifying from a v1 root | Jack Lloyd | 2019-04-11 | 1 | -0/+9
|   Discovered in #1885, the "Verisign Class 3 Public Primary Certification Authority - G3" is a v1 certificate and is still included in distro trust stores.
* FIX: disable conflicting apple assertion macros | René Meusel | 2019-04-08 | 1 | -0/+1
|
* Rename 'darwin' target to 'macos' | Jack Lloyd | 2019-03-27 | 1 | -3/+3
|   Both because that's the more common term, and because iOS/watchOS also uses the Darwin kernel, but we have a distinct target for mobile.
* Fix some warnings from GCC 9 | Jack Lloyd | 2019-03-25 | 1 | -1/+1
|   New redundant-move and pessimizing-move warnings found some
* s/as_string/to_string/ | Jack Lloyd | 2019-03-01 | 4 | -8/+8
|   A few older APIs use as_string where everywhere else uses to_string. Add to_string's where missing, and deprecate X::as_string.
* Constify a few things in X509_Certificate::to_string() | Jack Lloyd | 2019-03-01 | 1 | -5/+12
|
* add an adaptor for certificate keychain access on macOS | René Meusel | 2019-02-18 | 3 | -0/+569
|   FIX: build on non-macOS platforms
|   FIX: move constructor of scoped_CFType
|   implement Certificate_Store_MacOS::all_subjects()
|   Refactor: factor out X509 policy creation
|   FIX: cosmetics
|   FIX: code cosmetics
|   * Refactor: use a unique_ptr rather than free()
|   * Refactor: use a unique_ptr rather than free()
|   * use std::shared_ptr<> for Pimpl
|   * double-check opening of cert stores
|   * add some documentation
|   * copyright notice dates
|   shush clang compiler warning -Wcast-qual
|   See here for details: https://bugs.webkit.org/show_bug.cgi?id=177893
|   shush -Wmissing-braces on Travis CI (hopefully)
|   FIX: crash when no certificate matches
|   FIX: 'normalize' DNs according to Apple's needs
|   FIX: take early review comments into account
|   FIX: compiler warning regarding variable shadowing
|   add timers to the certstore tests
|   FIX: catch invalid SHA-1 parameter
|   FIX: handle ambiguous match in .find_cert_by_pubkey_sha1() according to the super-class's documentation
|   FIX: API documentation
|   FIX: cosmetics
|   make Certificate_Store_MacOS::find_crl_for() return {}
|   FIX: low-hanging review comments
|   FIX: more review comments
|   FIX: compiler warnings
* Remove trailing whitespace | Jack Lloyd | 2019-01-13 | 3 | -3/+3
|
* Correct spelling | Jack Lloyd | 2018-12-29 | 1 | -0/+1
|
* Make significant_words const time also | Jack Lloyd | 2018-12-23 | 1 | -1/+1
|   Only used in one place, where const time doesn't matter, but can't hurt. Remove low_bit, can be replaced by ctz.
* Fix more MSVC warnings | Jack Lloyd | 2018-12-04 | 1 | -1/+1
|
* Silence MSVC warnings | Jack Lloyd | 2018-12-04 | 1 | -2/+2
|   static_casts for the compiler god
* Make exceptions easier to translate to error codes | Jack Lloyd | 2018-11-23 | 7 | -11/+17
|   Avoid throwing base Botan::Exception type, as it is difficult to determine what the error is in that case.
|   Add Exception::error_code and Exception::error_type which allows (for error code) more information about the error and (for error type) allows knowing the error type without requiring a sequence of catches.
|   See GH #1742
* Remove support for Visual C++ 2013 | Jack Lloyd | 2018-10-01 | 2 | -4/+0
|   Closes GH #1557
* Fix more MSVC warnings | Jack Lloyd | 2018-10-01 | 2 | -3/+3
|
* Fix certstore tests | Jack Lloyd | 2018-09-11 | 1 | -0/+1
|   Accidentally disabled in 643a4041bedc
* If cert extension parsing fails, replace the object with Unknown | Jack Lloyd | 2018-08-23 | 2 | -2/+8
|   Allows the parse to complete and even allows examining the extension.
|   GH #1652
* Simplify exception messages | Jack Lloyd | 2018-08-22 | 3 | -3/+3
|   Remove "Invalid argument" and "Decoding Error" prefixes
* Add path validation to FFI | Jack Lloyd | 2018-08-13 | 1 | -0/+1
|
* Expose BER_Decoder constructor taking BER_Object&& | Jack Lloyd | 2018-06-08 | 1 | -2/+2
|
* DER improvements | Jack Lloyd | 2018-05-22 | 5 | -69/+68
|   Let DER_Encoder write to a user specified vector instead of only to an internal vector. This allows encoding to a std::vector without having to first write to a locked vector and then copying out the result.
|   Add ASN1_Object::BER_encode convenience method. Replaces X509_Object::BER_encode which had the same logic but was restricted to a subtype.
|   This replaces many cases where DER_Encoder was just used to encode a single object (X509_DN, AlgorithmIdentifier, etc).
* Use BER_Decoder::get_next to cleanup X.509 cert decoding code | Jack Lloyd | 2018-05-21 | 1 | -14/+13
|
* Remove debug assignment [ci skip] | Jack Lloyd | 2018-04-16 | 1 | -1/+0
|
* Truncate new SKIDs to 192 bits | Jack Lloyd | 2018-04-16 | 2 | -6/+9
|   More than long enough, and saves quite a bit of space especially for SHA-512 certificates.
* Extend Certificate_Store_In_Memory to load just a single cert from file | Jack Lloyd | 2018-03-24 | 1 | -3/+9
|
* Bypass self-signed check in X509_Certificate if AKID and SKID are set | Jack Lloyd | 2018-03-24 | 1 | -12/+17
|   If they are they must be either equal (self-signed) or not equal (self-issued). This allows skipping the verification which reduces startup overhead eg when reading the system certificate store. On my system's cert store it saves about 1/3 of the signature checks.
* Avoid creating a map from a DN when not required | Jack Lloyd | 2018-03-21 | 4 | -14/+18
|
* Store elements of a DN as a vector | Jack Lloyd | 2018-03-21 | 2 | -59/+59
|   This allows retrieving the original ordering which is required for DN string encoding as defined in RFC 4514
|   Fixes #336
* Support Ed25519 certificate format | Jack Lloyd | 2018-03-20 | 2 | -38/+73
|   Able to create certificate chain and verify it with OpenSSL 1.1.1
* Support multiple DNS names through the command line interface | Jack Lloyd | 2018-03-19 | 2 | -0/+5
|
* Remove use of ;; to end lines | Jack Lloyd | 2018-03-19 | 1 | -1/+1
|
* Merge GH #1492 Support custom DN entries | Jack Lloyd | 2018-03-14 | 2 | -67/+56
|\
| * Address review comments | Jack Lloyd | 2018-03-14 | 1 | -2/+2
| |
| * Support custom DN entries | Jack Lloyd | 2018-03-14 | 2 | -67/+56
| |   GH #1490
* | Allow the caller to specify the serial number of a generated cert | Jack Lloyd | 2018-03-14 | 2 | -12/+96
|/    GH #1489
* Handle cert.subject_info("Email") | Jack Lloyd | 2018-03-06 | 1 | -0/+3
|   GH #1446
* Include AKID in generated self signed certificates | Jack Lloyd | 2018-03-06 | 2 | -4/+12
|   GH #1007
* Add X509_Certificate::subject_public_key_info | Jack Lloyd | 2018-03-05 | 2 | -3/+16
|   Fixes #277
* Merge GH #1470 Use soft fail for OCSP | Jack Lloyd | 2018-03-04 | 6 | -20/+63
|\
| * Document OCSP softfail/hardfail check behaviour. | souch | 2018-03-02 | 1 | -0/+3
| |
| * OCSP softfail revocation check | Mathieu Souchaud | 2018-03-01 | 5 | -20/+60
| |