path: root/src/libstrongswan/plugins/x509/x509_cert.c
Commit message | Author | Age | Files | Lines
* x509: Add support for signature schemes with parameters | Tobias Brunner | 2017-11-08 | 1 | -39/+55
|   Also adds support for specifying the hash algorithm for attribute certificate signatures.
* certificate: Return signature scheme and parameters from issued_by() method | Tobias Brunner | 2017-11-08 | 1 | -9/+15
|   This also required some include restructuring (avoid including library.h in headers) to avoid unresolvable circular dependencies.
* private-key: Add optional parameters argument to sign() method | Tobias Brunner | 2017-11-08 | 1 | -1/+2
|
* public-key: Add optional parameters argument to verify() method | Tobias Brunner | 2017-11-08 | 1 | -1/+2
|
* certificates: Use shared destructor for x509_cdp_t | Tobias Brunner | 2017-09-18 | 1 | -11/+2
|
* x509: nameConstraints sequence does not require a loop | Andreas Steffen | 2017-05-29 | 1 | -2/+1
|   Fixes: CVE-2017-9023
* asn1-parser: Fix CHOICE parsing | Andreas Steffen | 2017-05-29 | 1 | -53/+59
|   Fixes: CVE-2017-9023
* x509: Fix leak when parsing CDPs if an invalid one follows valid ones | Tobias Brunner | 2017-05-23 | 1 | -2/+2
|
* x509: Manually print CRL/OCSP URIs when fuzzing | Tobias Brunner | 2017-05-23 | 1 | -8/+25
|   This avoids a warning about the custom %Y printf specifier.
* x509: Fix leak if there is an empty CDP | Tobias Brunner | 2017-05-23 | 1 | -1/+7
|
* x509: Fix leak if a certificate contains multiple authorityKeyIdentifiers | Tobias Brunner | 2017-05-23 | 1 | -0/+1
|
* x509: Evaluate return codes of parsing functions | Andreas Steffen | 2017-05-08 | 1 | -39/+123
|
* x509: Do not mark generated addrblock extension as critical | Martin Willi | 2017-02-27 | 1 | -2/+1
|   While RFC 3779 says we SHOULD mark it as critical, this has severe side effects in practice. The addrblock extension is not widely used nor implemented, and only a few applications can handle this extension. By marking it critical, none of these applications can make use of such certificates where included addrblocks do not matter, such as TLS/HTTPS.
|
|   If an application wants to make use of addrblocks, that is usually an explicit decision. Then the very same application obviously can handle addrblocks, and there is no need for the extension to be critical. In other words, for local policy checks it is a local matter to handle the extension, hence making it critical is usually not of much help.
* x509: Support encoding the RFC 3779 addrblock extension | Martin Willi | 2017-02-27 | 1 | -3/+134
|
* Allow msSmartcardLogon EKU to be built | Andreas Steffen | 2015-12-11 | 1 | -2/+2
|
* Skip the unused bits field of the ASN.1 BIT STRING encoding | Andreas Steffen | 2014-11-29 | 1 | -1/+1
|
* x509: Remove some unused ASN1 OID constants | Martin Willi | 2014-05-16 | 1 | -5/+0
|
* x509: Don't include authKeyIdentifier in self-signed certificates | Tobias Brunner | 2014-04-09 | 1 | -1/+1
|   As the comment indicates this was the intention in d7be2906433a7dcfefc1fd732587865688dbfe1b all along.
* Added support for msSmartcardLogon EKU | Andreas Steffen | 2014-04-08 | 1 | -3/+10
|
* uclibc only defines strndup(3) if _GNU_SOURCE is defined | Tobias Brunner | 2014-02-19 | 1 | -2/+2
|   References #516.
* lib: All settings use configured namespace | Tobias Brunner | 2014-02-12 | 1 | -1/+1
|
* certificate_t.has_subject() matches for certificate serialNumber | Martin Willi | 2012-12-19 | 1 | -0/+4
|
* Moved debug.[ch] to utils folder | Tobias Brunner | 2012-10-24 | 1 | -1/+1
|
* Moved data structures to new collections subfolder | Tobias Brunner | 2012-10-24 | 1 | -1/+1
|
* Add a return value to hasher_t.allocate_hash() | Martin Willi | 2012-07-16 | 1 | -4/+6
|
* certificate_t->issued_by takes an argument to receive signature scheme | Martin Willi | 2012-06-12 | 1 | -2/+8
|
* Fixed return values of several functions (e.g. return FALSE for pointer types). | Tobias Brunner | 2012-05-31 | 1 | -1/+1
|
* Merge branch 'ikev1-clean' into ikev1-master | Martin Willi | 2012-03-20 | 1 | -18/+26
|\
| |   Conflicts:
| |       configure.in
| |       man/ipsec.conf.5.in
| |       src/libcharon/daemon.c
| |       src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
| |       src/libcharon/plugins/eap_radius/eap_radius_accounting.c
| |       src/libcharon/plugins/eap_radius/eap_radius_forward.c
| |       src/libcharon/plugins/farp/farp_listener.c
| |       src/libcharon/sa/ike_sa.c
| |       src/libcharon/sa/keymat.c
| |       src/libcharon/sa/task_manager.c
| |       src/libcharon/sa/trap_manager.c
| |       src/libstrongswan/plugins/x509/x509_cert.c
| |       src/libstrongswan/utils.h
| |
| |   Applied lost changes of moved files keymat.c and task_manager.c.
| |   Updated listener_t.message hook signature in new plugins.
| * Added support for iKEIntermediate X.509 extended key usage flag. | Tobias Brunner | 2012-03-20 | 1 | -6/+14
| |   Mac OS X requires server certificates to have this flag set.
| * Some whitespace fixes. | Tobias Brunner | 2012-03-20 | 1 | -22/+22
| |
* | Fix whitespaces | Adrian-Ken Rueegsegger | 2012-01-12 | 1 | -12/+12
| |
* | Allow callers to force ASN.1 date encoding as GENERALIZEDTIME. | Tobias Brunner | 2011-12-23 | 1 | -2/+2
| |
* | Properly ASN.1 encode dates in certificates depending on the year. | Tobias Brunner | 2011-12-23 | 1 | -2/+2
| |
* | Log most X.509 related messages in new ASN log group. | Tobias Brunner | 2011-12-16 | 1 | -25/+25
|/
* fixed parsing of X.509 certificatePolicies | Andreas Steffen | 2011-03-11 | 1 | -4/+4
|
* [hopefully] fixed pathlen problem on ARM platforms | Andreas Steffen | 2011-02-10 | 1 | -15/+20
|
* Some typos fixed. | Tobias Brunner | 2011-02-07 | 1 | -1/+1
|
* introduced libstrongswan.x509.enforce_critical parameter | Andreas Steffen | 2011-02-05 | 1 | -2/+2
|
* Slightly renamed different policyConstraints to distinguish them better | Martin Willi | 2011-01-05 | 1 | -26/+26
|
* Added support for inhibitAnyPolicy constraint to x509 plugin | Martin Willi | 2011-01-05 | 1 | -33/+57
|
* Use a generic getter for all numerical X.509 constraints | Martin Willi | 2011-01-05 | 1 | -14/+13
|
* Moved CRL distribution point building to an exportable function | Martin Willi | 2011-01-05 | 1 | -29/+43
|
* Simplified format of x509 CRL URI parsing/enumerator | Martin Willi | 2011-01-05 | 1 | -127/+89
|
* Added support for policyConstraints to x509 plugin | Martin Willi | 2011-01-05 | 1 | -6/+122
|
* Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for PolicyConstraints, too | Martin Willi | 2011-01-05 | 1 | -3/+3
|
* Added policyMappings support to x509 plugin | Martin Willi | 2011-01-05 | 1 | -3/+130
|
* Added certificatePolicy support to x509 plugin | Martin Willi | 2011-01-05 | 1 | -3/+163
|
* Added support for generating NameConstraints in x509 plugin | Martin Willi | 2011-01-05 | 1 | -4/+74
|
* Added support for parsing NameConstraints in x509 plugin | Martin Willi | 2011-01-05 | 1 | -0/+59
|
* Added name constraint enumerator to x509 interface | Martin Willi | 2011-01-05 | 1 | -1/+29
|