path: root/src/lib/x509
Commit message (Author, Age, Files, Lines)
* Remove support for Visual C++ 2013 (Jack Lloyd, 2018-10-01, files: 2, lines: -4/+0)
|   Closes GH #1557
* Fix more MSVC warnings (Jack Lloyd, 2018-10-01, files: 2, lines: -3/+3)
|
* Fix certstore tests (Jack Lloyd, 2018-09-11, files: 1, lines: -0/+1)
|   Accidentally disabled in 643a4041bedc
* If cert extension parsing fails, replace the object with Unknown (Jack Lloyd, 2018-08-23, files: 2, lines: -2/+8)
|   Allows the parse to complete and even allows examining the extension. GH #1652
* Simplify exception messages (Jack Lloyd, 2018-08-22, files: 3, lines: -3/+3)
|   Remove "Invalid argument" and "Decoding Error" prefixes
* Add path validation to FFI (Jack Lloyd, 2018-08-13, files: 1, lines: -0/+1)
|
* Expose BER_Decoder constructor taking BER_Object&& (Jack Lloyd, 2018-06-08, files: 1, lines: -2/+2)
|
* DER improvements (Jack Lloyd, 2018-05-22, files: 5, lines: -69/+68)
|   Let DER_Encoder write to a user specified vector instead of only to an internal vector. This allows encoding to a std::vector without having to first write to a locked vector and then copying out the result. Add ASN1_Object::BER_encode convenience method. Replaces X509_Object::BER_encode which had the same logic but was restricted to a subtype. This replaces many cases where DER_Encoder was just used to encode a single object (X509_DN, AlgorithmIdentifier, etc).
* Use BER_Decoder::get_next to cleanup X.509 cert decoding code (Jack Lloyd, 2018-05-21, files: 1, lines: -14/+13)
|
* Remove debug assignment [ci skip] (Jack Lloyd, 2018-04-16, files: 1, lines: -1/+0)
|
* Truncate new SKIDs to 192 bits (Jack Lloyd, 2018-04-16, files: 2, lines: -6/+9)
|   More than long enough, and saves quite a bit of space especially for SHA-512 certificates.
* Extend Certificate_Store_In_Memory to load just a single cert from file (Jack Lloyd, 2018-03-24, files: 1, lines: -3/+9)
|
* Bypass self-signed check in X509_Certificate if AKID and SKID are set (Jack Lloyd, 2018-03-24, files: 1, lines: -12/+17)
|   If they are, they must be either equal (self-signed) or not equal (self-issued). This allows skipping the verification which reduces startup overhead, e.g. when reading the system certificate store. On my system's cert store it saves about 1/3 of the signature checks.
* Avoid creating a map from a DN when not required (Jack Lloyd, 2018-03-21, files: 4, lines: -14/+18)
|
* Store elements of a DN as a vector (Jack Lloyd, 2018-03-21, files: 2, lines: -59/+59)
|   This allows retrieving the original ordering which is required for DN string encoding as defined in RFC 4514. Fixes #336
* Support Ed25519 certificate format (Jack Lloyd, 2018-03-20, files: 2, lines: -38/+73)
|   Able to create certificate chain and verify it with OpenSSL 1.1.1
* Support multiple DNS names through the command line interface (Jack Lloyd, 2018-03-19, files: 2, lines: -0/+5)
|
* Remove use of ;; to end lines (Jack Lloyd, 2018-03-19, files: 1, lines: -1/+1)
|
* Merge GH #1492 Support custom DN entries (Jack Lloyd, 2018-03-14, files: 2, lines: -67/+56)
|\
| * Address review comments (Jack Lloyd, 2018-03-14, files: 1, lines: -2/+2)
| |
| * Support custom DN entries (Jack Lloyd, 2018-03-14, files: 2, lines: -67/+56)
| |   GH #1490
* | Allow the caller to specify the serial number of a generated cert (Jack Lloyd, 2018-03-14, files: 2, lines: -12/+96)
|/    GH #1489
* Handle cert.subject_info("Email") (Jack Lloyd, 2018-03-06, files: 1, lines: -0/+3)
|   GH #1446
* Include AKID in generated self signed certificates (Jack Lloyd, 2018-03-06, files: 2, lines: -4/+12)
|   GH #1007
* Add X509_Certificate::subject_public_key_info (Jack Lloyd, 2018-03-05, files: 2, lines: -3/+16)
|   Fixes #277
* Merge GH #1470 Use soft fail for OCSP (Jack Lloyd, 2018-03-04, files: 6, lines: -20/+63)
|\
| * Document OCSP softfail/hardfail check behaviour. (souch, 2018-03-02, files: 1, lines: -0/+3)
| |
| * OCSP softfail revocation check (Mathieu Souchaud, 2018-03-01, files: 5, lines: -20/+60)
| |
* | Fix check_crl_online segfaults, need tests. (Mathieu Souchaud, 2018-03-02, files: 1, lines: -11/+10)
| |
* | Fix crash bug in check_crl_online (Jack Lloyd, 2018-03-01, files: 1, lines: -1/+1)
|/    This function almost certainly needs more help. #951
* Add Path_Validation_Result::warnings_string() method (Mathieu Souchaud, 2018-02-28, files: 2, lines: -0/+19)
|
* Fix Path_Validation_Result::no_warnings (Mathieu Souchaud, 2018-02-28, files: 1, lines: -1/+4)
|
* Load every certificates of files found. (Mathieu Souchaud, 2018-02-01, files: 1, lines: -2/+15)
|
* Improve X.509 documentation (Jack Lloyd, 2018-01-29, files: 1, lines: -1/+9)
|   GH #1428
* Allow applications to easily override extensions in cert requests (Jack Lloyd, 2018-01-23, files: 8, lines: -121/+201)
|   Refactor the code so it's possible to create a cert request without going through x509self.h (PKCS10_Request::create). Add Extensions::add_new, so we can add an extension to a PKCS10 request without stomping on one already included by the application. Refactor the X509 unit tests to avoid (some) duplicated key creations. Just create a key once at the start and use it for all of the tests. GH #1428
* Prepare for making BER_Object members private (Jack Lloyd, 2018-01-18, files: 9, lines: -99/+98)
|   Now there are usable accessors that allow the library to avoid using BER_Object members directly.
* Avoid including x509_ext.h in pkcs10.h (Jack Lloyd, 2018-01-03, files: 1, lines: -1/+1)
|   No need, forward decl is sufficient.
* use range-based for loop instead of std::for_each (Patrik Fiedler, 2018-01-03, files: 1, lines: -4/+2)
|
* add the detection for the ca issuers field(1.3.6.1.5.5.7.48.2) in x509 certificates (Patrik Fiedler, 2018-01-03, files: 4, lines: -3/+42)
|
* Fix build on old Clang (Jack Lloyd, 2018-01-01, files: 1, lines: -1/+2)
|   Clang 3.5 on mac didn't like this.
* Reorder fields of X509_Certificate_Data to reduce size (Jack Lloyd, 2017-12-30, files: 1, lines: -8/+8)
|   Just a few bytes but every bit helps.
* Change X509_Certificate to cache cert policies and name constraints (Jack Lloyd, 2017-12-30, files: 2, lines: -20/+20)
|
* Deprecate X509_Certificate::policies (Jack Lloyd, 2017-12-30, files: 1, lines: -1/+1)
|   In favor of the (new) function that returns the OIDs
* Add final annotation on Data_Store (Jack Lloyd, 2017-12-28, files: 1, lines: -1/+1)
|
* Change X509_Certificate::subject_public_key_bitstring_sha1 to return const ref (Jack Lloyd, 2017-12-27, files: 2, lines: -2/+3)
|
* Fix a couple Doxygen format errors [ci skip] (Jack Lloyd, 2017-12-26, files: 1, lines: -5/+7)
|
* Move DN upper bound function to X509_DN static function (Jack Lloyd, 2017-12-23, files: 5, lines: -32/+17)
|   Avoids another public header, and it just makes sense that it be declared there.
* Initialize CRL_Code field in CRL_Entry data (Jack Lloyd, 2017-12-23, files: 1, lines: -1/+1)
|   If no extensions in the CRL, the field was left uninitialized
* Increase size of CRL code enum to 32-bits (Jack Lloyd, 2017-12-23, files: 1, lines: -1/+1)
|   BSI test is using a large enum value somewhere.
* Enable signing X509 structures with rsa-pss (Fabian Weissberg, 2017-12-22, files: 5, lines: -14/+135)
|