path: root/src/libstrongswan/plugins/x509
Commit message [Author, Age, Files, Lines]
* x509: Properly wrap keyid in authorityKeyIdentifier in attribute certificates [Tobias Brunner, 2016-06-06, files: 1, lines: -1/+2]
|   The correct encoding got lost in bdec2e4f5291 ("refactored openac and its attribute certificate factory"). Fixes #1370.
* Allow msSmartcardLogon EKU to be built [Andreas Steffen, 2015-12-11, files: 1, lines: -2/+2]
|
* Print OCSP single responses [Andreas Steffen, 2015-12-11, files: 1, lines: -2/+40]
|
* Explicitly mention SHA2 algorithm in BLISS OIDs and signature schemes [Andreas Steffen, 2015-11-06, files: 1, lines: -2/+2]
|
* x509: Use subjectKeyIdentifier provided by issuer cert when checking CRL issuer [Tobias Brunner, 2015-03-06, files: 1, lines: -18/+15]
|   Some CAs don't use SHA-1 hashes of the public key as subjectKeyIdentifier and authorityKeyIdentifier. If that's the case we can't force the calculation of the hash to compare that to authorityKeyIdentifier in the CRL, instead we use the subjectKeyIdentifier stored in the issuer certificate, if available. Otherwise, we fall back to the SHA-1 hash (or comparing the DNs) as before.
* x509: Fix public key reference leak if authority key identifier does not match [Martin Willi, 2015-02-06, files: 1, lines: -10/+12]
|
* Implemented full BLISS support for IKEv2 public key authentication and the pki tool [Andreas Steffen, 2014-11-29, files: 5, lines: -7/+11]
* Skip the unused bits field of the ASN.1 BIT STRING encoding [Andreas Steffen, 2014-11-29, files: 1, lines: -1/+1]
|
* x509: Check return value when signing attribute certificates [Martin Willi, 2014-06-04, files: 1, lines: -9/+16]
|   In addition that this lets AC generation fail properly if private key signing fails, it also fixes an issue when compiling on Windows with MinGW 4.8.1, where for some reason the attributeCertificateInfo got encoded incorrectly.
* x509: Undef OCSP_RESPONSE from <wincrypt.h> before using it [Martin Willi, 2014-06-04, files: 1, lines: -0/+5]
|
* plugins: Don't link with -rdynamic on Windows [Martin Willi, 2014-06-04, files: 1, lines: -1/+1]
|
* x509: Remove some unused ASN1 OID constants [Martin Willi, 2014-05-16, files: 2, lines: -25/+0]
|
* x509: Don't include authKeyIdentifier in self-signed certificates [Tobias Brunner, 2014-04-09, files: 1, lines: -1/+1]
|   As the comment indicates this was the intention in d7be2906433a7dcfefc1fd732587865688dbfe1b all along.
* x509: Initialize certs when building optionalSignature for OCSP requests [Tobias Brunner, 2014-04-09, files: 1, lines: -1/+1]
|
* Added support for msSmartcardLogon EKU [Andreas Steffen, 2014-04-08, files: 1, lines: -3/+10]
|
* x509: CERT_DECODE actually requires KEY_ANY [Tobias Brunner, 2014-03-31, files: 1, lines: -3/+1]
|   More specific decoders might still be needed, but the x509 plugin should not care which ones.
* x509: Match acert has_subject() against entityName or holder serial [Martin Willi, 2014-03-31, files: 1, lines: -5/+25]
|   This allows us to find attribute certificates for a subject certificate in credential sets.
* x509: Replace the comma separated string AC group builder with a list based one [Martin Willi, 2014-03-31, files: 1, lines: -5/+5]
|
* x509: Integrate IETF attribute handling, and obsolete ietf_attributes_t [Martin Willi, 2014-03-31, files: 1, lines: -9/+184]
|   The ietf_attributes_t class is used for attribute certificates only these days, and integrating them to x509_ac_t simplifies things significantly.
* x509: Replace fixed acert group string getter by a more dynamic group enumerator [Martin Willi, 2014-03-31, files: 1, lines: -3/+3]
|
* x509: Skip parsing of acert chargingIdentity, as we don't use it anyway [Martin Willi, 2014-03-31, files: 1, lines: -9/+1]
|
* x509: Fix some whitespaces and do some minor style cleanups in acert [Martin Willi, 2014-03-31, files: 1, lines: -72/+76]
|
* uclibc only defines strndup(3) if _GNU_SOURCE is defined [Tobias Brunner, 2014-02-19, files: 1, lines: -2/+2]
|   References #516.
* lib: All settings use configured namespace [Tobias Brunner, 2014-02-12, files: 2, lines: -2/+2]
|
* automake: replace INCLUDES by AM_CPPFLAGS [Martin Willi, 2013-07-18, files: 1, lines: -3/+4]
|   INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* Recognize critical IssuingDistributionPoint CRL extension [Andreas Steffen, 2013-07-12, files: 1, lines: -0/+3]
|
* certificate_t.has_subject() matches for certificate serialNumber [Martin Willi, 2012-12-19, files: 1, lines: -0/+4]
|
* Moved debug.[ch] to utils folder [Tobias Brunner, 2012-10-24, files: 6, lines: -6/+6]
|
* Moved data structures to new collections subfolder [Tobias Brunner, 2012-10-24, files: 6, lines: -6/+6]
|
* Make sure first argument is an int when using %.*s to print e.g. chunks [Tobias Brunner, 2012-09-28, files: 1, lines: -1/+1]
|
* Properly initialize chunk for extension OID when parsing CRLs [Tobias Brunner, 2012-09-28, files: 1, lines: -1/+1]
|
* Add a return value to hasher_t.allocate_hash() [Martin Willi, 2012-07-16, files: 3, lines: -21/+28]
|
* Check rng return value when generating OCSP nonces [Tobias Brunner, 2012-07-16, files: 1, lines: -7/+7]
|
* certificate_t->issued_by takes an argument to receive signature scheme [Martin Willi, 2012-06-12, files: 6, lines: -10/+37]
|
* Fixed return values of several functions (e.g. return FALSE for pointer types). [Tobias Brunner, 2012-05-31, files: 1, lines: -1/+1]
|
* Certificate decoding soft-depends on public key decoding of specific types [Martin Willi, 2012-05-02, files: 1, lines: -0/+3]
|
* Merge branch 'ikev1-clean' into ikev1-master [Martin Willi, 2012-03-20, files: 1, lines: -18/+26]
|\
| |   Conflicts:
| |       configure.in
| |       man/ipsec.conf.5.in
| |       src/libcharon/daemon.c
| |       src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
| |       src/libcharon/plugins/eap_radius/eap_radius_accounting.c
| |       src/libcharon/plugins/eap_radius/eap_radius_forward.c
| |       src/libcharon/plugins/farp/farp_listener.c
| |       src/libcharon/sa/ike_sa.c
| |       src/libcharon/sa/keymat.c
| |       src/libcharon/sa/task_manager.c
| |       src/libcharon/sa/trap_manager.c
| |       src/libstrongswan/plugins/x509/x509_cert.c
| |       src/libstrongswan/utils.h
| |   Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins.
| * Added support for iKEIntermediate X.509 extended key usage flag. [Tobias Brunner, 2012-03-20, files: 1, lines: -6/+14]
| |   Mac OS X requires server certificates to have this flag set.
| * Some whitespace fixes. [Tobias Brunner, 2012-03-20, files: 1, lines: -22/+22]
| |
* | Fix whitespaces [Adrian-Ken Rueegsegger, 2012-01-12, files: 1, lines: -12/+12]
| |
* | Allow callers to force ASN.1 date encoding as GENERALIZEDTIME. [Tobias Brunner, 2011-12-23, files: 3, lines: -7/+7]
| |
* | Properly ASN.1 encode dates in certificates depending on the year. [Tobias Brunner, 2011-12-23, files: 3, lines: -7/+7]
| |
* | Log most X.509 related messages in new ASN log group. [Tobias Brunner, 2011-12-16, files: 5, lines: -57/+57]
|/
* Fix resource leak in x509_ocsp_response [Thomas Egerer, 2011-11-04, files: 1, lines: -0/+4]
|
* Add features support to x509 plugin [Andreas Steffen, 2011-10-26, files: 1, lines: -42/+38]
|
* Migrated x509_pkcs10 to INIT/METHOD macros [Andreas Steffen, 2011-09-29, files: 1, lines: -78/+52]
|
* Migrated x509_ocsp_response to INIT/METHOD macros [Andreas Steffen, 2011-09-29, files: 1, lines: -84/+58]
|
* Migrated x509_ocsp_request to INIT/METHOD macros [Andreas Steffen, 2011-09-28, files: 1, lines: -75/+51]
|
* Migrated x509_ac to INIT/METHOD macros [Andreas Steffen, 2011-09-28, files: 1, lines: -107/+63]
|
* Replaced simple iterator usages. [Tobias Brunner, 2011-07-06, files: 1, lines: -3/+3]
|