aboutsummaryrefslogtreecommitdiffstats
path: root/src/pki/commands/signcrl.c
Commit message (Collapse)AuthorAgeFilesLines
* pki: Enable PSS padding if enabled in strongswan.confTobias Brunner2017-11-081-1/+2
|
* pki: Optionally generate RSA/PSS signaturesTobias Brunner2017-11-081-5/+18
|
* pki: Indent usage lines properly automaticallyTobias Brunner2017-11-081-6/+6
|
* certificates: Use shared destructor for x509_cdp_tTobias Brunner2017-09-181-11/+2
|
* Change interface for enumerator_create_filter() callbackTobias Brunner2017-05-261-10/+18
| | | | | This avoids the unportable 5 pointer hack, but requires enumerating in the callback.
* pki: Edited keyid parameter use in various pki man pages and usage outputsAndreas Steffen2017-03-061-1/+4
|
* pki: Don't remove zero bytes in CRL serials anymoreTobias Brunner2016-10-111-6/+7
| | | | | | This was added a few years ago because pki --signcrl once encoded serials incorrectly as eight byte blobs. But still ensure we have can handle overflows in case the serial is encoded incorrectly without zero-prefix.
* pki: Use serial of base CRL for delta CRLsTobias Brunner2016-10-111-1/+4
| | | | | According to RFC 5280 delta CRLs and complete CRLs MUST share one numbering sequence.
* Support BLISS signatures with SHA-3 hashAndreas Steffen2015-11-031-1/+1
|
* pki: Choose default digest based on the signature keyTobias Brunner2015-03-231-2/+6
|
* pki: Use SHA-256 as default for signaturesTobias Brunner2015-03-231-10/+2
| | | | | | Since the BLISS private key supports this we don't do any special handling anymore (if the user choses a digest that is not supported, signing will simply fail later because no signature scheme will be found).
* Allow SHA256 and SHA384 data hash for BLISS signatures.Andreas Steffen2015-02-261-2/+5
| | | | | The default is SHA512 since this hash function is also used for the c_indices random oracle.
* Implemented full BLISS support for IKEv2 public key authentication and the ↵Andreas Steffen2014-11-291-0/+5
| | | | pki tool
* pki: Switch to binary mode on Windows when reading/writing DER to FDsMartin Willi2014-06-041-0/+1
|
* enum: Return boolean result for enum_from_name() lookupMartin Willi2014-05-161-2/+1
| | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
* pki: Support absolute --this/next-update CRL lifetimesMartin Willi2014-03-311-6/+22
|
* pki: Add pki --signcrl man pageTobias Brunner2013-09-131-6/+6
|
* Moved debug.[ch] to utils folderTobias Brunner2012-10-241-1/+1
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-241-1/+1
|
* Use centralized hasher names in pki utilityMartin Willi2012-07-171-2/+2
|
* ASN.1 two's complement encoding prevents overflow in CRL serial numberAndreas Steffen2012-04-041-10/+18
|
* pki: Avoid integer overflow when calculating certificate lifetimes.Tobias Brunner2011-12-231-1/+1
| | | | This only works properly if sizeof(time_t) > 4.
* Do proper cleanup in some error cases in pki signcrl.Tobias Brunner2011-04-141-2/+4
|
* Use incremented serial of base CRL when signing delta CRLMartin Willi2011-01-051-0/+2
|
* Added support for delta CRLs to pki toolMartin Willi2011-01-051-17/+63
|
* CRLSign keyUsage or CA basicConstraint are sufficient for CRL validationMartin Willi2011-01-051-2/+2
|
* Added PKCS#11 private key support to the pki toolMartin Willi2010-08-041-8/+24
|
* Added pki PEM encoding support for certificates, CRLs and PKCS10 requestsMartin Willi2010-07-131-2/+10
|
* Support different encoding types in certificate.get_encoding()Martin Willi2010-07-131-2/+1
|
* Added a --signcrl command to the pki utilityMartin Willi2010-05-211-0/+375
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-08 04:59:23 +0000