path: root/src/lib/x509
Commit message (Author, Age, Files, Lines)
* Prepare for making BER_Object members private (Jack Lloyd, 2018-01-18, 9 files, -99/+98)
|   Now there are usable accessors that allow the library to avoid using BER_Object members directly.
* Avoid including x509_ext.h in pkcs10.h (Jack Lloyd, 2018-01-03, 1 file, -1/+1)
|   No need, forward decl is sufficient.
* use range-based for loop instead of std::for_each (Patrik Fiedler, 2018-01-03, 1 file, -4/+2)
|
* add the detection for the ca issuers field(1.3.6.1.5.5.7.48.2) in x509 certificates (Patrik Fiedler, 2018-01-03, 4 files, -3/+42)
* Fix build on old Clang (Jack Lloyd, 2018-01-01, 1 file, -1/+2)
|   Clang 3.5 on mac didn't like this.
* Reorder fields of X509_Certificate_Data to reduce size (Jack Lloyd, 2017-12-30, 1 file, -8/+8)
|   Just a few bytes but every bit helps.
* Change X509_Certificate to cache cert policies and name constraints (Jack Lloyd, 2017-12-30, 2 files, -20/+20)
|
* Deprecate X509_Certificate::policies (Jack Lloyd, 2017-12-30, 1 file, -1/+1)
|   In favor of the (new) function that returns the OIDs
* Add final annotation on Data_Store (Jack Lloyd, 2017-12-28, 1 file, -1/+1)
|
* Change X509_Certificate::subject_public_key_bitstring_sha1 to return const ref (Jack Lloyd, 2017-12-27, 2 files, -2/+3)
|
* Fix a couple Doxygen format errors [ci skip] (Jack Lloyd, 2017-12-26, 1 file, -5/+7)
|
* Move DN upper bound function to X509_DN static function (Jack Lloyd, 2017-12-23, 5 files, -32/+17)
|   Avoids another public header, and it just makes sense that it be declared there.
* Initialize CRL_Code field in CRL_Entry data (Jack Lloyd, 2017-12-23, 1 file, -1/+1)
|   If no extensions in the CRL, the field was left uninitialized
* Increase size of CRL code enum to 32-bits (Jack Lloyd, 2017-12-23, 1 file, -1/+1)
|   BSI test is using a large enum value somewhere.
* Enable signing X509 structures with rsa-pss (Fabian Weissberg, 2017-12-22, 5 files, -14/+135)
|
* Fix some shadow and unused parameter warnings (Jack Lloyd, 2017-12-20, 2 files, -6/+8)
|
* Merge GH #1363 Fix various X509 path building and validation bugs (Jack Lloyd, 2017-12-20, 18 files, -48/+683)
|\
| * Fix various x509 path validation bugs + path building with ambiguous DNs (Fabian Weissberg, 2017-12-20, 18 files, -48/+683)
| |   Signed-off-by: Fabian Weissberg <[email protected]>
* | Don't encode AlgorithmIdentifier parameters for ECDSA in X.509 objects (René Korthaus, 2017-12-20, 1 file, -2/+5)
|/
|   RFC 5758 and 4491 mandate that for DSA, ECDSA and GOST, the algorithm identifier "encoding MUST omit the parameters field".
* Merge GH #1364 Expose a function returning status when verifying X509 objects (Jack Lloyd, 2017-12-19, 6 files, -59/+99)
|\
| * Expose a function returning a status code for verifying X509 objects (Jack Lloyd, 2017-12-19, 6 files, -59/+99)
| |   The versions returning bool just tell us if it could be verified but don't indicate the problem, everything got binned into "signature error" during verification. Now in the event that the params were invalid, or the signature algorithm couldn't be found, report that as a specific error. See GH #1362
* | Add accessors to ASN1_Attribute and AlgorithmIdentifier (Jack Lloyd, 2017-12-19, 6 files, -21/+23)
|/
* Avoid tying encoding of CRLs to the current system clock (Jack Lloyd, 2017-12-18, 2 files, -19/+66)
|
* Expose timeouts on the freestanding OCSP request utils (Jack Lloyd, 2017-12-17, 2 files, -6/+24)
|
* Use HTTP level timeouts instead of polling on the std::future (Jack Lloyd, 2017-12-17, 2 files, -25/+8)
|
* Add ability to fingerprint public keys (Jack Lloyd, 2017-12-14, 2 files, -19/+4)
|
* Need binary IO for Windows (Jack Lloyd, 2017-12-04, 4 files, -14/+4)
|
* Support uninitialized certificate objects (Jack Lloyd, 2017-12-04, 10 files, -136/+140)
|   Issue raised by @securitykernel on Slack, there was no non-hacky way to decode a list of certificate objects because creating an uninitialized one wasn't allowed. However after #884 that got much closer to being viable, these are the last pieces.
* CRL_Data is a struct not a class (Jack Lloyd, 2017-11-29, 1 file, -1/+2)
|
* Allow parsing and printing certificates with unknown public key algos (Jack Lloyd, 2017-11-18, 2 files, -6/+31)
|
* Fix encoding of subject key identifier (Jack Lloyd, 2017-11-16, 5 files, -23/+27)
|   Changed in #884 - we were copying the entire public key as the public key id. Instead hash it with whatever hash we are using to sign the certificate.
* Fix a memory leak in the case where certificate extension decoding fails. (Jack Lloyd, 2017-11-16, 2 files, -30/+33)
|   Introduced in #884
|   Found by OSS-Fuzz (bug 4249)
* Remove debug abort [ci skip] (Jack Lloyd, 2017-11-14, 1 file, -1/+0)
|
* Consolidate function for testing for ASN.1 string types (Jack Lloyd, 2017-11-14, 1 file, -19/+3)
|
* Check for keyCertSign on non-CA certificates during validation (Jack Lloyd, 2017-11-14, 1 file, -0/+14)
|   GH #1089
* Fix PKCS10 subject alt name usage (Jack Lloyd, 2017-11-14, 4 files, -7/+26)
|   GH #1010
* Add a test for GH #1252 (Jack Lloyd, 2017-11-14, 1 file, -1/+7)
|
* Use new APIs in path validation and name constraint handling (Jack Lloyd, 2017-11-14, 2 files, -6/+14)
|
* Store CRL_Entry data in shared_ptr (Jack Lloyd, 2017-11-14, 2 files, -41/+81)
|
* Store X509_CRL data in shared_ptr (Jack Lloyd, 2017-11-14, 2 files, -69/+102)
|
* Store PKCS10 request data in structure (Jack Lloyd, 2017-11-14, 2 files, -65/+85)
|
* Refactor certificate extension handling (Jack Lloyd, 2017-11-14, 2 files, -274/+441)
|
* Store all data of an X509 certificate in a shared_ptr data struct. (Jack Lloyd, 2017-11-14, 4 files, -364/+567)
|
* Use new Decoding_Error constructor (Jack Lloyd, 2017-11-14, 1 file, -4/+2)
|
* Require SHA-2 for X.509 module (Jack Lloyd, 2017-11-14, 1 file, -0/+1)
|   The certstore interface assumes it and it's probably not unreasonable...
* In X509_CA save the hash function used (Jack Lloyd, 2017-11-14, 2 files, -2/+11)
|
* Move X509_DN and AlternativeName from asn1 to x509 (Jack Lloyd, 2017-11-14, 5 files, -0/+766)
|
* Compile fix (Jack Lloyd, 2017-11-14, 1 file, -2/+2)
|
* Correct issuer field of created CRLs (Jack Lloyd, 2017-11-14, 2 files, -6/+6)
|   Fixes GH #1242
* Remove use of transcode (Jack Lloyd, 2017-11-09, 2 files, -7/+3)
|