aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/plugins/x509/x509_crl.c
Commit message (Collapse)AuthorAgeFilesLines
* x509: Use subjectKeyIdentifier provided by issuer cert when checking CRL issuerTobias Brunner2015-03-061-18/+15
| | | | | | | | | Some CAs don't use SHA-1 hashes of the public key as subjectKeyIdentifier and authorityKeyIdentifier. If that's the case we can't force the calculation of the hash to compare that to authorityKeyIdentifier in the CRL, instead we use the subjectKeyIdentifier stored in the issuer certificate, if available. Otherwise, we fall back to the SHA-1 hash (or comparing the DNs) as before.
* x509: Fix public key reference leak if authority key identifier does not matchMartin Willi2015-02-061-10/+12
|
* Implemented full BLISS support for IKEv2 public key authentication and the ↵Andreas Steffen2014-11-291-1/+1
| | | | pki tool
* lib: All settings use configured namespaceTobias Brunner2014-02-121-1/+1
|
* Recognize critical IssuingDistributionPoint CRL extensionAndreas Steffen2013-07-121-0/+3
|
* Moved debug.[ch] to utils folderTobias Brunner2012-10-241-1/+1
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-241-1/+1
|
* Properly initialize chunk for extension OID when parsing CRLsTobias Brunner2012-09-281-1/+1
|
* certificate_t->issued_by takes an argument to receive signature schemeMartin Willi2012-06-121-1/+5
|
* Allow callers to force ASN.1 date encoding as GENERALIZEDTIME.Tobias Brunner2011-12-231-3/+3
|
* Properly ASN.1 encode dates in certificates depending on the year.Tobias Brunner2011-12-231-3/+3
|
* Log most X.509 related messages in new ASN log group.Tobias Brunner2011-12-161-6/+6
|
* introduced libstrongswan.x509.enforce_critical parameterAndreas Steffen2011-02-051-2/+2
|
* Properly initialize variable 'critical'.Tobias Brunner2011-02-041-1/+1
|
* Added support for delta CRLs to x509 pluginMartin Willi2011-01-051-7/+110
|
* Respect enforce_critical setting in x509 plugin CRLsMartin Willi2011-01-051-0/+8
|
* Parse CRL extensions in a switch statementMartin Willi2011-01-051-18/+24
|
* Use subject, not issuer, of CRL issuing certificateMartin Willi2011-01-051-1/+1
|
* CRLSign keyUsage or CA basicConstraint are sufficient for CRL validationMartin Willi2011-01-051-1/+1
|
* Support different encoding types in certificate.get_encoding()Martin Willi2010-07-131-4/+13
|
* Renamed key_encod{ing,der}_t and constants, prepare for generic credential ↵Martin Willi2010-07-131-1/+1
| | | | encoding
* Use CAs subjectKeyIdentifier as CRLs authorityKeyIdentifierMartin Willi2010-05-211-1/+1
|
* Added support for CRL generation to x509 pluginMartin Willi2010-05-211-3/+186
|
* Removed is_newer() from certificate_t, obsoleting all implementationsMartin Willi2010-05-211-35/+0
|
* Migrated x509_crl_t to INIT/METHOD macrosMartin Willi2010-05-211-95/+70
|
* Adding DBG_LIB to all calls of libstrongswan's version of DBG*.Tobias Brunner2010-04-061-7/+8
|
* streamlined output from get_validity()Andreas Steffen2009-10-061-9/+1
|
* Updated x509 plugin to the new builder APIMartin Willi2009-09-101-63/+23
|
* remove spaces within tabs (\t( )+\t)Martin Willi2009-09-041-2/+2
|
* removed trailing spaces ([[:space:]]+$)Martin Willi2009-09-041-32/+32
|
* changed prefix of crl_reason_t values from CRL_ to CRL_REASON_Andreas Steffen2009-08-311-1/+1
|
* updated x509 plugin to public key/x509 API changesMartin Willi2009-08-261-29/+18
|
* make use of the pem helper plugin to load credentialsMartin Willi2009-08-261-73/+25
|
* created signature_scheme_from_oid() helper functionAndreas Steffen2009-06-091-25/+5
|
* removing svn keyword $Id$ from all filesTobias Brunner2009-04-301-2/+0
|
* merging changes from portability branch back to trunkTobias Brunner2009-04-301-1/+1
| | | | | important change for developers: %Y replaces %D to print identities!
* printf hooks refactored to increase portability (i.e. support for platforms ↵Tobias Brunner2009-03-121-1/+1
| | | | without glibc-compatible customizable printf - the Vstr string library is currently required on such platforms).
* got rid of deprecated create_iterator_locked()Martin Willi2008-11-051-0/+2
|
* refactored credential builderMartin Willi2008-09-021-19/+26
| | | | | | | | | allow enumeration of matching builders try a second builder if the first one fails builder clones resources internally on demand caller frees added resources on failure and success stricter handling of non-supported build parts
* support of ECDSA signatures for all certificate typesAndreas Steffen2008-06-221-0/+3
|
* introduced ASN1_EXIT command in ASN.1 object syntax definitionAndreas Steffen2008-04-281-3/+3
|
* optimized parser->success()Andreas Steffen2008-04-261-4/+2
|
* refactoring of the ASN.1 parserAndreas Steffen2008-04-261-28/+29
|
* compare certificates against full encoding to allow equality check of ↵Martin Willi2008-04-071-5/+9
| | | | untrusted certs
* caching of ocsp responses (experimental), no crl caching yetMartin Willi2008-03-261-28/+6
|
* treat sig_alg and algorithm comparison in a consistent way over all ↵Andreas Steffen2008-03-261-3/+4
| | | | certificate types
* fixed compiler warningsMartin Willi2008-03-261-0/+1
|
* certificate factory can load certs from fileAndreas Steffen2008-03-251-15/+53
|
* included utils/linked_list.hAndreas Steffen2008-03-201-0/+1
|
* made is_newer() a certificate_t methodAndreas Steffen2008-03-181-37/+37
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 17:35:52 +0000