path: root/src/lib/x509
Commit message | Author | Date | Files | Lines
Add OCSP stapling support to TLS client | Jack Lloyd | 2016-11-26 | 4 | -17/+51
Fix TLS tests wrt validation changes | Jack Lloyd | 2016-11-25 | 1 | -2/+2
    Create empty CRLs so that revocation information is available.
Add a test for to_string(Certificate_Status_Code) | Jack Lloyd | 2016-11-25 | 1 | -5/+5
Address review comments from @cordney | Jack Lloyd | 2016-11-25 | 5 | -114/+249
    Primarily doc updates but also expose some more logic in PKIX namespace,
    overall_status and merge_revocation_status. This allows calling more or
    less all of the logic used by the monolithic x509_path_validate in any way
    needed by an application.
    Add Certificate_Store_In_Memory::add_crl variant taking shared_ptr
    Add optional Certificate_Store_In_Memory* pointer to check_crl_online,
    valid CRLs are saved there.
Fix popping empty container if no revocation data available | Jack Lloyd | 2016-11-23 | 1 | -2/+2
Add macro signalling support for online revocation checks. | Jack Lloyd | 2016-11-23 | 2 | -3/+7
Better OCSP tests including online tests | Jack Lloyd | 2016-11-23 | 2 | -2/+10
    Tests touching the network are gated by the --run-online-tests flag.
Add some simple OCSP tests | Jack Lloyd | 2016-11-23 | 1 | -0/+2
    Nothing much but better than nothing. Also add a useful arg check to
    the OCSP::Request constructor.
Consult the response for matching certs also, fixes Symantec OCSP | Jack Lloyd | 2016-11-23 | 1 | -2/+20
Refactor X.509 path validation | Jack Lloyd | 2016-11-23 | 7 | -356/+744
    Splits path building, path validation, CRL checks, and OCSP checks into
    distinct functions in namespace PKIX. The previous path validation APIs
    remain. Fixes to OCSP to store more information and to handle modern OCSP
    setups in at least some situations.
Add find_cert_by_pubkey_sha1 to Certificate_Store_In_Memory | Jack Lloyd | 2016-11-23 | 4 | -55/+64
Add X509_Certificate helper functions for OCSP | Jack Lloyd | 2016-11-23 | 2 | -4/+43
    Using the SHA-1 of the public key to identify the signing cert is
    hardcoded in OCSP and unlikely to change.
Explicitly number all Certificate_Status_Code enum values | Jack Lloyd | 2016-11-23 | 2 | -25/+146
    Add a to_string function for this type.
Add key_constraints_to_string, GOST-34.10 cert handling | Jack Lloyd | 2016-11-18 | 3 | -5/+64
    Add some try/catch blocks to the X.509 tests, and use the create_private_key API
Pubkey cleanups | Jack Lloyd | 2016-11-12 | 3 | -4/+3
    Add Public_Key::key_length usable for policy checking (as in
    TLS::Policy::check_peer_key_acceptable)
    Remove Public_Key::max_input_bits because it didn't make much sense for
    most algorithms actually.
    Remove message_parts and message_part_size from PK_Ops
Simplify some code by using T::create_or_throw | Jack Lloyd | 2016-11-03 | 1 | -3/+1
Remove ability to add OIDs at runtime. Remove global OID lock. | Jack Lloyd | 2016-11-03 | 1 | -2/+1
    OID map is now generated from an input file on an as-needed basis. Just
    uses a sequence of ifs - simple, fast, and small code size. Merges the
    oid_lookup sub-module which was already required by asn1 anyway, so
    completely non-optional. Removes @neusdan's nice OID tests since without
    any runtime adds the tests are moot.
Move cert/x509 to top level and pem and pbes2 to pubkey. | Jack Lloyd | 2016-11-03 | 37 | -0/+7052
    The `cert` dir was just an artifact of having previously supported CVC
    (smartcard cert format), removed a long time ago. The pem and pbes2 code
    is directly related to the pubkey code; in fact the only caller of pbes2
    (likely anywhere, not just in the library) is in pkcs8.cpp