path: root/src/pki
Commit message | Author | Age | Files | Lines
* configure: Check for and explicitly link against -latomic | Martin Willi | 2016-06-14 | 1 | -1/+1
  Some C libraries, such as uClibc, require an explicit link for some atomic functions. Check for any libatomic, and explicitly link it.
* pki: Increase MAX_LINES | Tobias Brunner | 2015-12-16 | 1 | -1/+1
  The --issue and --self commands both define 10 lines of usage summary text.
* pki: Never print more than MAX_LINES of usage summary | Tobias Brunner | 2015-12-16 | 1 | -1/+10
  Print a warning if a registered command exceeds that limit.
* Standardized printing of certificate information | Andreas Steffen | 2015-12-11 | 1 | -523/+20
  The certificate_printer class allows the printing of certificate information to a text file (usually stdout). This class is used by the pki --print and swanctl --list-certs commands as well as by the stroke plugin.
* pki: Explicitly link against -lpthread and -ldl if required | Martin Willi | 2015-12-04 | 1 | -1/+4
  We already do this for charon, as some toolchains require an explicit link even if libstrongswan already depends on it.
* Support BLISS signatures with SHA-3 hash | Andreas Steffen | 2015-11-03 | 5 | -5/+9
* pki: Add new type options to --issue command usage output | Tobias Brunner | 2015-08-27 | 1 | -2/+2
* pki: Add --dn command to extract the subject DN of a certificate | Tobias Brunner | 2015-08-17 | 6 | -11/+219
* pki: Optionally extract public key from given private key in --issue | Tobias Brunner | 2015-08-10 | 2 | -6/+30
  Fixes #618.
* pki: Choose default digest based on the signature key | Tobias Brunner | 2015-03-23 | 12 | -20/+69
* pki: Use SHA-256 as default for signatures | Tobias Brunner | 2015-03-23 | 10 | -55/+15
  Since the BLISS private key supports this we don't do any special handling anymore (if the user chooses a digest that is not supported, signing will simply fail later because no signature scheme will be found).
* Allow SHA256 and SHA384 data hash for BLISS signatures. | Andreas Steffen | 2015-02-26 | 7 | -16/+36
  The default is SHA512 since this hash function is also used for the c_indices random oracle.
* pki: Document correct output formats for --pkcs12 --export | Tobias Brunner | 2014-12-19 | 1 | -2/+2
* pki: Properly clean up if output format for --pkcs12 is wrong | Tobias Brunner | 2014-12-19 | 1 | -0/+2
* pki: Add command to export certificates and keys from PKCS#12 containers | Tobias Brunner | 2014-12-12 | 2 | -9/+112
* pki: Reformat PKCS#12 output and add an index for each certificate/key | Tobias Brunner | 2014-12-12 | 2 | -14/+17
* pki: Add simple PKCS#12 display command | Tobias Brunner | 2014-12-12 | 4 | -1/+203
* pki: Cache entered secrets in case they are needed more than once | Tobias Brunner | 2014-12-12 | 1 | -2/+23
* Implemented full BLISS support for IKEv2 public key authentication and the pki tool | Andreas Steffen | 2014-11-29 | 6 | -3/+37
* Started implementing BLISS signature generation | Andreas Steffen | 2014-11-29 | 1 | -2/+8
* Store and parse BLISS private and public keys in DER and PEM format | Andreas Steffen | 2014-11-29 | 2 | -4/+17
  Additionally generate SHA-1 fingerprints of raw BLISS subjectPublicKey and subjectPublicKeyInfo objects. Some basic functions used by the bliss_public_key class are shared with the bliss_private_key class.
* Created framework for BLISS post-quantum signature algorithm | Andreas Steffen | 2014-11-29 | 1 | -3/+11
* pki: Print and document the name constraint type for DNS or email constraints | Martin Willi | 2014-10-30 | 3 | -6/+46
  As email constraints may be for a specific host, it is not clear from the name itself if it is a DNS or email constraint.
* pki: Document --online option for pki --verify and all exit codes | Tobias Brunner | 2014-06-30 | 1 | -5/+11
* pki: Also check for MAX_COMMANDS when building getopt_long arguments | Tobias Brunner | 2014-06-24 | 1 | -1/+1
  Completes 87e53819a6 and 0a8c399a21.
* pki: Support complex trustchain and revocation checking in --verify | Martin Willi | 2014-06-04 | 1 | -48/+86
* pki: Provide a fallback if strptime() not supported | Martin Willi | 2014-06-04 | 1 | -9/+63
  For simplicity, we support the default pki datetime format only, but optionally accept four digit years for longer lifetimes.
* pki: Switch to binary mode on Windows when reading/writing DER to FDs | Martin Willi | 2014-06-04 | 13 | -1/+49
* pki: Stop prompting for password when entering empty string | Martin Willi | 2014-06-04 | 1 | -1/+1
* Make sure getpass() is available | Tobias Brunner | 2014-05-29 | 1 | -1/+3
  It's not on Android for example.
* enum: Return boolean result for enum_from_name() lookup | Martin Willi | 2014-05-16 | 5 | -10/+5
  Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
* pki: Fix memory leak when printing unknown AC group OIDs | Tobias Brunner | 2014-04-09 | 1 | -0/+1
* pki: Removed extra continue statement | Tobias Brunner | 2014-04-09 | 1 | -1/+0
* Added support for msSmartcardLogon EKU | Andreas Steffen | 2014-04-08 | 3 | -2/+14
* pki: Document --not-before/after and --dateform options in manpages | Martin Willi | 2014-03-31 | 4 | -7/+99
* pki: Support absolute --this/next-update CRL lifetimes | Martin Willi | 2014-03-31 | 1 | -6/+22
* pki: Support absolute --not-before/after issued certificate lifetimes | Martin Willi | 2014-03-31 | 2 | -7/+22
* pki: Support absolute --not-before/after self-signed certificate lifetimes | Martin Willi | 2014-03-31 | 1 | -5/+22
* pki: Support absolute --not-before/after acert lifetimes | Martin Willi | 2014-03-31 | 1 | -7/+26
* pki: Add a certificate lifetime calculation helper function | Martin Willi | 2014-03-31 | 2 | -1/+69
* pki: Add acert and extend pki/print manpages | Martin Willi | 2014-03-31 | 4 | -2/+115
* pki: Implement an acert command to issue attribute certificates | Martin Willi | 2014-03-31 | 3 | -1/+275
* pki: Support printing attribute certificates | Martin Willi | 2014-03-31 | 1 | -1/+89
* pki: Don't generate negative random serial numbers in X.509 certificates | Martin Willi | 2014-03-31 | 2 | -0/+2
  According to RFC 5280 4.1.2.2 we MUST force non-negative serial numbers.
* pki: When dispatching commands, don't look beyond non-null-terminated array | Martin Willi | 2014-03-19 | 1 | -1/+1
* pki: Check length of commands array before accessing command in --help | Martin Willi | 2014-03-19 | 1 | -1/+1
  As --help is counted as command as well, the array is not null-terminated and we have to check for MAX_COMMANDS. Fixes #550.
* pki: Make cmds array static, ensuring that it is zero-initialized | Martin Willi | 2014-02-20 | 1 | -2/+1
  As pki --help relies on a zero-terminated array, make the actually non-public cmds array static to ensure initialization.
* pki: Fix minor resource leak on failure to read the private key in --req [5.1.2rc2] | Tobias Brunner | 2014-02-18 | 1 | -1/+2
* lib: Add global config namespace | Tobias Brunner | 2014-02-12 | 1 | -1/+1
* pki: Declare correct section in pki --issue man page | Tobias Brunner | 2014-01-24 | 1 | -1/+1