path: root/src/libstrongswan/plugins/x509/x509_cert.c
Commit message | Author | Age | Files | Lines
* x509: nameConstraints sequence does not require a loop | Andreas Steffen | 2017-05-29 | 1 | -2/+1
|   Fixes: CVE-2017-9023
* asn1-parser: Fix CHOICE parsing | Andreas Steffen | 2017-05-29 | 1 | -53/+59
|   Fixes: CVE-2017-9023
* x509: Fix leak when parsing CDPs if an invalid one follows valid ones | Tobias Brunner | 2017-05-23 | 1 | -2/+2
|
* x509: Manually print CRL/OCSP URIs when fuzzing | Tobias Brunner | 2017-05-23 | 1 | -8/+25
|   This avoids a warning about the custom %Y printf specifier.
* x509: Fix leak if there is an empty CDP | Tobias Brunner | 2017-05-23 | 1 | -1/+7
|
* x509: Fix leak if a certificate contains multiple authorityKeyIdentifiers | Tobias Brunner | 2017-05-23 | 1 | -0/+1
|
* x509: Evaluate return codes of parsing functions | Andreas Steffen | 2017-05-08 | 1 | -39/+123
|
* x509: Do not mark generated addrblock extension as critical | Martin Willi | 2017-02-27 | 1 | -2/+1
|   While RFC 3779 says we SHOULD mark it as critical, this has severe side effects in practice. The addrblock extension is not widely used nor implemented, and only a few applications can handle this extension. By marking it critical, none of these applications can make use of such certificates where included addrblocks do not matter, such as TLS/HTTPS. If an application wants to make use of addrblocks, that is usually an explicit decision. Then the very same application obviously can handle addrblocks, and there is no need for the extension to be critical. In other words, for local policy checks it is a local matter to handle the extension, hence making it critical is usually not of much help.
* x509: Support encoding the RFC 3779 addrblock extension | Martin Willi | 2017-02-27 | 1 | -3/+134
|
* Allow msSmartcardLogon EKU to be built | Andreas Steffen | 2015-12-11 | 1 | -2/+2
|
* Skip the unused bits field of the ASN.1 BIT STRING encoding | Andreas Steffen | 2014-11-29 | 1 | -1/+1
|
* x509: Remove some unused ASN1 OID constants | Martin Willi | 2014-05-16 | 1 | -5/+0
|
* x509: Don't include authKeyIdentifier in self-signed certificates | Tobias Brunner | 2014-04-09 | 1 | -1/+1
|   As the comment indicates this was the intention in d7be2906433a7dcfefc1fd732587865688dbfe1b all along.
* Added support for msSmartcardLogon EKU | Andreas Steffen | 2014-04-08 | 1 | -3/+10
|
* uclibc only defines strndup(3) if _GNU_SOURCE is defined | Tobias Brunner | 2014-02-19 | 1 | -2/+2
|   References #516.
* lib: All settings use configured namespace | Tobias Brunner | 2014-02-12 | 1 | -1/+1
|
* certificate_t.has_subject() matches for certificate serialNumber | Martin Willi | 2012-12-19 | 1 | -0/+4
|
* Moved debug.[ch] to utils folder | Tobias Brunner | 2012-10-24 | 1 | -1/+1
|
* Moved data structures to new collections subfolder | Tobias Brunner | 2012-10-24 | 1 | -1/+1
|
* Add a return value to hasher_t.allocate_hash() | Martin Willi | 2012-07-16 | 1 | -4/+6
|
* certificate_t->issued_by takes an argument to receive signature scheme | Martin Willi | 2012-06-12 | 1 | -2/+8
|
* Fixed return values of several functions (e.g. return FALSE for pointer types). | Tobias Brunner | 2012-05-31 | 1 | -1/+1
|
* Merge branch 'ikev1-clean' into ikev1-master | Martin Willi | 2012-03-20 | 1 | -18/+26
|\
| |   Conflicts:
| |     configure.in
| |     man/ipsec.conf.5.in
| |     src/libcharon/daemon.c
| |     src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
| |     src/libcharon/plugins/eap_radius/eap_radius_accounting.c
| |     src/libcharon/plugins/eap_radius/eap_radius_forward.c
| |     src/libcharon/plugins/farp/farp_listener.c
| |     src/libcharon/sa/ike_sa.c
| |     src/libcharon/sa/keymat.c
| |     src/libcharon/sa/task_manager.c
| |     src/libcharon/sa/trap_manager.c
| |     src/libstrongswan/plugins/x509/x509_cert.c
| |     src/libstrongswan/utils.h
| |
| |   Applied lost changes of moved files keymat.c and task_manager.c.
| |   Updated listener_t.message hook signature in new plugins.
| * Added support for iKEIntermediate X.509 extended key usage flag. | Tobias Brunner | 2012-03-20 | 1 | -6/+14
| |   Mac OS X requires server certificates to have this flag set.
| * Some whitespace fixes. | Tobias Brunner | 2012-03-20 | 1 | -22/+22
| |
* | Fix whitespaces | Adrian-Ken Rueegsegger | 2012-01-12 | 1 | -12/+12
| |
* | Allow callers to force ASN.1 date encoding as GENERALIZEDTIME. | Tobias Brunner | 2011-12-23 | 1 | -2/+2
| |
* | Properly ASN.1 encode dates in certificates depending on the year. | Tobias Brunner | 2011-12-23 | 1 | -2/+2
| |
* | Log most X.509 related messages in new ASN log group. | Tobias Brunner | 2011-12-16 | 1 | -25/+25
|/
* fixed parsing of X.509 certificatePolicies | Andreas Steffen | 2011-03-11 | 1 | -4/+4
|
* [hopefully] fixed pathlen problem on ARM platforms | Andreas Steffen | 2011-02-10 | 1 | -15/+20
|
* Some typos fixed. | Tobias Brunner | 2011-02-07 | 1 | -1/+1
|
* introduced libstrongswan.x509.enforce_critical parameter | Andreas Steffen | 2011-02-05 | 1 | -2/+2
|
* Slightly renamed different policyConstraints to distinguish them better | Martin Willi | 2011-01-05 | 1 | -26/+26
|
* Added support for inhibitAnyPolicy constraint to x509 plugin | Martin Willi | 2011-01-05 | 1 | -33/+57
|
* Use a generic getter for all numerical X.509 constraints | Martin Willi | 2011-01-05 | 1 | -14/+13
|
* Moved CRL distribution point building to an exportable function | Martin Willi | 2011-01-05 | 1 | -29/+43
|
* Simplified format of x509 CRL URI parsing/enumerator | Martin Willi | 2011-01-05 | 1 | -127/+89
|
* Added support for policyConstraints to x509 plugin | Martin Willi | 2011-01-05 | 1 | -6/+122
|
* Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too | Martin Willi | 2011-01-05 | 1 | -3/+3
|
* Added policyMappings support to x509 plugin | Martin Willi | 2011-01-05 | 1 | -3/+130
|
* Added certificatePolicy support to x509 plugin | Martin Willi | 2011-01-05 | 1 | -3/+163
|
* Added support for generating NameConstraints in x509 plugin | Martin Willi | 2011-01-05 | 1 | -4/+74
|
* Added support for parsing NameConstraints in x509 plugin | Martin Willi | 2011-01-05 | 1 | -0/+59
|
* Added name constraint enumerator to x509 interface | Martin Willi | 2011-01-05 | 1 | -1/+29
|
* Migrated x509_cert_t to INIT/METHOD macros | Martin Willi | 2011-01-05 | 1 | -144/+88
|
* Parse and encode crlSign keyUsage flag in x509 plugin | Martin Willi | 2011-01-05 | 1 | -10/+71
|
* Added support for CRL Issuers to x509 and OpenSSL plugins | Martin Willi | 2011-01-05 | 1 | -57/+174
|
* Compare subject against all key identifiers in has_subject() | Martin Willi | 2010-09-09 | 1 | -9/+12
|
* has_subject() now resolves ID_KEY_IDs | Andreas Steffen | 2010-09-09 | 1 | -4/+14
|