aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins/openssl/openssl_x509.c
Commit message (Collapse)AuthorAgeFilesLines
* Treat RSASSA-PSS keys like rsaEncryption RSA keysTobias Brunner2017-11-081-0/+4
| | | | | | | | | | In theory we should treat any parameters and the identifier itself as restriction to only use the key to create signatures accordingly (e.g. only use RSA with PSS padding or even use specific hash algorithms). But that's currently tricky as we'd have to store and pass this information along with our private keys (i.e. use PKCS#8 to store them and change the builder calls to pass along the identifier and parameters). That would require quite some work.
* openssl: Add support for signature schemes with parametersTobias Brunner2017-11-081-18/+23
|
* certificate: Return signature scheme and parameters from issued_by() methodTobias Brunner2017-11-081-7/+12
| | | | | This also required some include restructuring (avoid including library.h in headers) to avoid unresolvable circular dependencies.
* public-key: Add optional parameters argument to verify() methodTobias Brunner2017-11-081-1/+2
|
* openssl: Add support for delta CRLsTobias Brunner2017-09-181-10/+19
|
* certificates: Use shared destructor for x509_cdp_tTobias Brunner2017-09-181-11/+2
|
* openssl: Properly handle flags in key usage extensionTobias Brunner2017-06-141-8/+6
|
* openssl: Update x509 API to OpenSSL 1.1.0Tobias Brunner2016-06-291-12/+48
|
* lib: All settings use configured namespaceTobias Brunner2014-02-121-1/+1
|
* openssl: parse X.509 extended key usage from extension parsing loopMartin Willi2013-07-181-33/+38
| | | | | Otherwise parsing gets aborted if unknown critical extensions are handled as error.
* openssl: show which critical X.509 extension is not supportedMartin Willi2013-07-181-1/+6
|
* openssl: add support for IP addr blocks in X.509 certificatesMichael Rossberg2013-05-241-1/+115
|
* certificate_t.has_subject() matches for certificate serialNumberMartin Willi2012-12-191-0/+4
|
* Moved debug.[ch] to utils folderTobias Brunner2012-10-241-1/+1
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-241-1/+1
|
* Add a return value to hasher_t.allocate_hash()Martin Willi2012-07-161-2/+2
|
* certificate_t->issued_by takes an argument to receive signature schemeMartin Willi2012-06-121-2/+7
|
* Change order of ocsp uris when parsing a certThomas Egerer2011-11-041-1/+1
|
* openssl: Adding support for key usage x509 extension.Tobias Brunner2011-10-051-1/+42
|
* [hopefully] fixed pathlen problem on ARM platformsAndreas Steffen2011-02-101-3/+7
|
* introduced libstrongswan.x509.enforce_critical parameterAndreas Steffen2011-02-051-2/+4
|
* fixed checking of unknown critical extensions in openssl_x509Andreas Steffen2011-01-311-1/+1
|
* Use a generic getter for all numerical X.509 constraintsMartin Willi2011-01-051-11/+10
|
* Simplified format of x509 CRL URI parsing/enumeratorMartin Willi2011-01-051-72/+34
|
* Added support for policyConstraints to x509 pluginMartin Willi2011-01-051-0/+7
|
* Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for ↵Martin Willi2011-01-051-1/+1
| | | | PolicyConstraints, too
* Added policyMappings support to x509 pluginMartin Willi2011-01-051-0/+1
|
* Added certificatePolicy support to x509 pluginMartin Willi2011-01-051-8/+2
|
* Fail when parsing unsupported critical extensions in openssl_x509Martin Willi2011-01-051-1/+5
|
* Do not parse certificates with invalid version in openssl pluginMartin Willi2011-01-051-0/+7
|
* Added name constraint enumerator to x509 interfaceMartin Willi2011-01-051-0/+1
|
* Added support for CRL Issuers to x509 and OpenSSL pluginsMartin Willi2011-01-051-4/+79
|
* Compare subject against all key identifiers in has_subject()Martin Willi2010-09-091-1/+14
|
* Parse important extendedKeyUsage flags in openssl pluginMartin Willi2010-08-101-0/+33
|
* Parse UPN subjectAltName in openssl pluginMartin Willi2010-08-101-0/+9
|
* Support different encoding types in certificate.get_encoding()Martin Willi2010-07-131-4/+14
|
* Renamed key_encod{ing,der}_t and constants, prepare for generic credential ↵Martin Willi2010-07-131-1/+1
| | | | encoding
* Select subjectAltName address family using address length in openssl pluginMartin Willi2010-06-241-2/+12
|
* Unwrap subjectKeyIdentifier from OCTET_STRINGMartin Willi2010-05-261-4/+12
|
* Removed is_newer() from certificate_t, obsoleting all implementationsMartin Willi2010-05-211-16/+0
|
* Implemented X.509 certificate reading using OpenSSLMartin Willi2010-05-211-0/+859
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-26 08:18:10 +0000