Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Prepare for making BER_Object members private | Jack Lloyd | 2018-01-18 | 9 | -99/+98 |
| | | | | | Now there are usable accessors that allow the library to avoid using BER_Object members directly. | ||||
* | Avoid including x509_ext.h in pkcs10.h | Jack Lloyd | 2018-01-03 | 1 | -1/+1 |
| | | | | No need, forward decl is sufficient. | ||||
* | use range-based for loop instead of std::for_each | Patrik Fiedler | 2018-01-03 | 1 | -4/+2 |
| | |||||
* | add the detection for the ca issuers field(1.3.6.1.5.5.7.48.2) in x509 certificates | Patrik Fiedler | 2018-01-03 | 4 | -3/+42 |
| | |||||
* | Fix build on old Clang | Jack Lloyd | 2018-01-01 | 1 | -1/+2 |
| | | | | Clang 3.5 on mac didn't like this. | ||||
* | Reorder fields of X509_Certificate_Data to reduce size | Jack Lloyd | 2017-12-30 | 1 | -8/+8 |
| | | | | Just a few bytes but every bit helps. | ||||
* | Change X509_Certificate to cache cert policies and name constraints | Jack Lloyd | 2017-12-30 | 2 | -20/+20 |
| | |||||
* | Deprecate X509_Certificate::policies | Jack Lloyd | 2017-12-30 | 1 | -1/+1 |
| | | | | In favor of the (new) function that returns the OIDs | ||||
* | Add final annotation on Data_Store | Jack Lloyd | 2017-12-28 | 1 | -1/+1 |
| | |||||
* | Change X509_Certificate::subject_public_key_bitstring_sha1 to return const ref | Jack Lloyd | 2017-12-27 | 2 | -2/+3 |
| | |||||
* | Fix a couple Doxygen format errors [ci skip] | Jack Lloyd | 2017-12-26 | 1 | -5/+7 |
| | |||||
* | Move DN upper bound function to X509_DN static function | Jack Lloyd | 2017-12-23 | 5 | -32/+17 |
| | | | | | Avoids another public header, and it just makes sense that it be declared there. | ||||
* | Initialize CRL_Code field in CRL_Entry data | Jack Lloyd | 2017-12-23 | 1 | -1/+1 |
| | | | | If no extensions in the CRL, the field was left uninitialized | ||||
* | Increase size of CRL code enum to 32-bits | Jack Lloyd | 2017-12-23 | 1 | -1/+1 |
| | | | | BSI test is using a large enum value somewhere. | ||||
* | Enable signing X509 structures with rsa-pss | Fabian Weissberg | 2017-12-22 | 5 | -14/+135 |
| | |||||
* | Fix some shadow and unused parameter warnings | Jack Lloyd | 2017-12-20 | 2 | -6/+8 |
| | |||||
* | Merge GH #1363 Fix various X509 path building and validation bugs | Jack Lloyd | 2017-12-20 | 18 | -48/+683 |
|\ | |||||
| * | Fix various x509 path validation bugs + path building with ambiguous DNs | Fabian Weissberg | 2017-12-20 | 18 | -48/+683 |
| | | | | | | | | Signed-off-by: Fabian Weissberg <[email protected]> | ||||
* | | Don't encode AlgorithmIdentifier parameters for ECDSA in X.509 objects | René Korthaus | 2017-12-20 | 1 | -2/+5 |
|/ | | | | | RFC 5758 and 4491 mandate that for DSA, ECDSA and GOST, the algorithm identifier "encoding MUST omit the parameters field". | ||||
* | Merge GH #1364 Expose a function returning status when verifying X509 objects | Jack Lloyd | 2017-12-19 | 6 | -59/+99 |
|\ | |||||
| * | Expose a function returning a status code for verifying X509 objects | Jack Lloyd | 2017-12-19 | 6 | -59/+99 |
| | | | | | | | | | | | | | | | | | | The versions returning bool just tell us if it could be verified but don't indicate the problem, everything got binned into "signature error" during verification. Now in the event that the params were invalid, or the signature algorithm couldn't be found, report that as a specific error. See GH #1362 | ||||
* | | Add accessors to ASN1_Attribute and AlgorithmIdentifier | Jack Lloyd | 2017-12-19 | 6 | -21/+23 |
|/ | |||||
* | Avoid tying encoding of CRLs to the current system clock | Jack Lloyd | 2017-12-18 | 2 | -19/+66 |
| | |||||
* | Expose timeouts on the freestanding OCSP request utils | Jack Lloyd | 2017-12-17 | 2 | -6/+24 |
| | |||||
* | Use HTTP level timeouts instead of polling on the std::future | Jack Lloyd | 2017-12-17 | 2 | -25/+8 |
| | |||||
* | Add ability to fingerprint public keys | Jack Lloyd | 2017-12-14 | 2 | -19/+4 |
| | |||||
* | Need binary IO for Windows | Jack Lloyd | 2017-12-04 | 4 | -14/+4 |
| | |||||
* | Support uninitialized certificate objects | Jack Lloyd | 2017-12-04 | 10 | -136/+140 |
| | | | | | | | Issue raised by @securitykernel on Slack, there was no non-hacky way to decode a list of certificate objects because creating an uninitialized one wasn't allowed. However after #884 that got much closer to being viable, these are the last pieces. | ||||
* | CRL_Data is a struct not a class | Jack Lloyd | 2017-11-29 | 1 | -1/+2 |
| | |||||
* | Allow parsing and printing certificates with unknown public key algos | Jack Lloyd | 2017-11-18 | 2 | -6/+31 |
| | |||||
* | Fix encoding of subject key identifier | Jack Lloyd | 2017-11-16 | 5 | -23/+27 |
| | | | | | | Changed in #884 - we were copying the entire public key as the public key id. Instead hash it with whatever hash we are using to sign the certificate. | ||||
* | Fix a memory leak in the case where certificate extension decoding fails. | Jack Lloyd | 2017-11-16 | 2 | -30/+33 |
| | | | | | | Introduced in #884 Found by OSS-Fuzz (bug 4249) | ||||
* | Remove debug abort [ci skip] | Jack Lloyd | 2017-11-14 | 1 | -1/+0 |
| | |||||
* | Consolidate function for testing for ASN.1 string types | Jack Lloyd | 2017-11-14 | 1 | -19/+3 |
| | |||||
* | Check for keyCertSign on non-CA certificates during validation | Jack Lloyd | 2017-11-14 | 1 | -0/+14 |
| | | | | GH #1089 | ||||
* | Fix PKCS10 subject alt name usage | Jack Lloyd | 2017-11-14 | 4 | -7/+26 |
| | | | | GH #1010 | ||||
* | Add a test for GH #1252 | Jack Lloyd | 2017-11-14 | 1 | -1/+7 |
| | |||||
* | Use new APIs in path validation and name constraint handling | Jack Lloyd | 2017-11-14 | 2 | -6/+14 |
| | |||||
* | Store CRL_Entry data in shared_ptr | Jack Lloyd | 2017-11-14 | 2 | -41/+81 |
| | |||||
* | Store X509_CRL data in shared_ptr | Jack Lloyd | 2017-11-14 | 2 | -69/+102 |
| | |||||
* | Store PKCS10 request data in structure | Jack Lloyd | 2017-11-14 | 2 | -65/+85 |
| | |||||
* | Refactor certificate extension handling | Jack Lloyd | 2017-11-14 | 2 | -274/+441 |
| | |||||
* | Store all data of an X509 certificate in a shared_ptr data struct. | Jack Lloyd | 2017-11-14 | 4 | -364/+567 |
| | |||||
* | Use new Decoding_Error constructor | Jack Lloyd | 2017-11-14 | 1 | -4/+2 |
| | |||||
* | Require SHA-2 for X.509 module | Jack Lloyd | 2017-11-14 | 1 | -0/+1 |
| | | | | The certstore interface assumes it and it's probably not unreasonable... | ||||
* | In X509_CA save the hash function used | Jack Lloyd | 2017-11-14 | 2 | -2/+11 |
| | |||||
* | Move X509_DN and AlternativeName from asn1 to x509 | Jack Lloyd | 2017-11-14 | 5 | -0/+766 |
| | |||||
* | Compile fix | Jack Lloyd | 2017-11-14 | 1 | -2/+2 |
| | |||||
* | Correct issuer field of created CRLs | Jack Lloyd | 2017-11-14 | 2 | -6/+6 |
| | | | | Fixes GH #1242 | ||||
* | Remove use of transcode | Jack Lloyd | 2017-11-09 | 2 | -7/+3 |
| |