aboutsummaryrefslogtreecommitdiffstats
path: root/src/pki/commands/self.c
Commit message (Collapse)AuthorAgeFilesLines
* Support BLISS signatures with SHA-3 hashAndreas Steffen2015-11-031-1/+2
|
* pki: Choose default digest based on the signature keyTobias Brunner2015-03-231-2/+6
|
* pki: Use SHA-256 as default for signaturesTobias Brunner2015-03-231-10/+2
| | | | | | Since the BLISS private key supports this we don't do any special handling anymore (if the user choses a digest that is not supported, signing will simply fail later because no signature scheme will be found).
* Allow SHA256 and SHA384 data hash for BLISS signatures.Andreas Steffen2015-02-261-3/+7
| | | | | The default is SHA512 since this hash function is also used for the c_indices random oracle.
* Implemented full BLISS support for IKEv2 public key authentication and the ↵Andreas Steffen2014-11-291-1/+5
| | | | pki tool
* Started implementing BLISS signature generationAndreas Steffen2014-11-291-2/+8
|
* pki: Switch to binary mode on Windows when reading/writing DER to FDsMartin Willi2014-06-041-0/+2
|
* enum: Return boolean result for enum_from_name() lookupMartin Willi2014-05-161-2/+1
| | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
* pki: Removed extra continue statementTobias Brunner2014-04-091-1/+0
|
* Added support for msSmartcardLogon EKUAndreas Steffen2014-04-081-1/+5
|
* pki: Support absolute --not-before/after self-signed certificate lifetimesMartin Willi2014-03-311-5/+22
|
* pki: Don't generate negative random serial numbers in X.509 certificatesMartin Willi2014-03-311-0/+1
| | | | According to RFC 5280 4.1.2.2 we MUST force non-negative serial numbers.
* chunk: Use dynamically allocated buffer in chunk_from_fd()Martin Willi2014-01-231-1/+7
| | | | | | | | When acting on files, we can use fstat() to estimate the buffer size. On non-file FDs, we dynamically increase an allocated buffer. Additionally we slightly change the function signature to properly handle zero-length files and add appropriate unit tests.
* pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOBTobias Brunner2013-10-231-1/+5
| | | | This allows more than one builder to try parsing the data read from STDIN.
* pki: Add pki --self man pageTobias Brunner2013-09-131-2/+2
| | | | Can be opened with "man pki --self".
* Moved data structures to new collections subfolderTobias Brunner2012-10-241-1/+1
|
* Use centralized hasher names in pki utilityMartin Willi2012-07-171-2/+2
|
* Check rng return value when generating serial numbers in pki utilityTobias Brunner2012-07-161-4/+4
|
* Merge branch 'ikev1-clean' into ikev1-masterMartin Willi2012-03-201-0/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/daemon.c src/libcharon/plugins/eap_ttls/eap_ttls_peer.c src/libcharon/plugins/eap_radius/eap_radius_accounting.c src/libcharon/plugins/eap_radius/eap_radius_forward.c src/libcharon/plugins/farp/farp_listener.c src/libcharon/sa/ike_sa.c src/libcharon/sa/keymat.c src/libcharon/sa/task_manager.c src/libcharon/sa/trap_manager.c src/libstrongswan/plugins/x509/x509_cert.c src/libstrongswan/utils.h Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins.
| * Added support for iKEIntermediate flag to ipsec pki.Tobias Brunner2012-03-201-0/+4
| |
* | pki: Avoid integer overflow when calculating certificate lifetimes.Tobias Brunner2011-12-231-1/+1
|/ | | | This only works properly if sizeof(time_t) > 4.
* Slightly renamed different policyConstraints to distinguish them betterMartin Willi2011-01-051-6/+6
|
* Added inhibitAnyPolicy constraint support to pki toolMartin Willi2011-01-051-2/+7
|
* Added policyConstraints support to pki toolMartin Willi2011-01-051-21/+34
|
* Slightly renamed X509_NO_PATH_LEN_CONSTRAINT to use it for ↵Martin Willi2011-01-051-1/+1
| | | | PolicyConstraints, too
* Added policyMappings support to pki toolMartin Willi2011-01-051-6/+50
|
* Added certificatePolicy options to pki toolMartin Willi2011-01-051-2/+50
|
* pki --issue/self support permitted/excluded NameConstraintsMartin Willi2011-01-051-16/+35
|
* pki tool shows and builds crlSign keyUsageMartin Willi2011-01-051-1/+5
|
* Added PKCS#11 private key support to the pki toolMartin Willi2010-08-041-3/+16
|
* Added pki PEM encoding support for certificates, CRLs and PKCS10 requestsMartin Willi2010-07-131-4/+12
|
* Support different encoding types in certificate.get_encoding()Martin Willi2010-07-131-2/+1
|
* Changed default lifetime of certificates to 3 yearsMartin Willi2010-05-311-2/+2
|
* Support extendedKeyUsage flags in self-signed certificatesMartin Willi2010-05-311-0/+16
|
* we don't accept a serial number with leading zeroesAndreas Steffen2010-03-141-0/+5
|
* ipsec pki --self|issue supports --pathlen option setting a path length ↵Andreas Steffen2009-12-311-1/+6
| | | | constraint
* Removed obsolete per-command debug level optionMartin Willi2009-09-161-3/+0
|
* Handle pki --debug and --options in a generic way for all commandMartin Willi2009-09-151-28/+14
|
* pki tool supports single letter short optionsMartin Willi2009-09-151-1/+1
|
* enable debug level settingAndreas Steffen2009-09-141-0/+4
|
* fixed another typoAndreas Steffen2009-09-121-1/+1
|
* fixed typoAndreas Steffen2009-09-121-2/+2
|
* pki tool can issue/self-sign certificates with OCSP URIsMartin Willi2009-09-111-4/+12
|
* Use dynamic registration/usage invocation of command typesMartin Willi2009-09-101-2/+2
|
* splitted PKI tool to a file per commandMartin Willi2009-09-101-0/+238
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 04:41:12 +0000