oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
22,132 Commits 2 Branches 2 Tags
41f3c8369b7f17bf8e49ee69a3040738f4e8cafc
Commit Graph

125 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
eecdea2e20 (check_key_usage): tell what keyusages are missing 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19279 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-07 22:35:27 +00:00
Love Hörnquist Åstrand
b6b9423a2b (hx509_query_match_issuer_serial): make a copy of the data 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19249 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-06 13:08:31 +00:00
Love Hörnquist Åstrand
dcf2f6807a (hx509_query_match_issuer_serial): allow matching on issuer and serial num 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19245 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-06 12:21:35 +00:00
Love Hörnquist Åstrand
8bc1396160 (_hx509_calculate_path): add flag to allow leaving out trust anchor 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19239 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-06 10:35:16 +00:00
Love Hörnquist Åstrand
0528938895 (find_parent): when checking for certs and its not a trust anchor, 
require time be in range.
(_hx509_query_match_cert): Add time validity-testing to query mask


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19228 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-05 23:46:19 +00:00
Love Hörnquist Åstrand
d3b2e5df80 Don't check the trust anchors expiration time since they are 
transported out of band, from RFC3820.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19176 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-28 17:41:57 +00:00
Love Hörnquist Åstrand
1d8f59cfa1 sprinkle more error strings 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19171 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-28 12:00:08 +00:00
Love Hörnquist Åstrand
35dda6b1b9 Sprinkle more error string and hx509_contexts. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19130 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-26 17:54:18 +00:00
Love Hörnquist Åstrand
2c0f78e9c0 Handle that _hx509_verify_signature takes a context. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19113 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-25 23:53:05 +00:00
Love Hörnquist Åstrand
1a89ccbde3 (_hx509_calculate_path): allow to calculate optimistic path when we 
don't know the trust anchors, just follow the chain upward until we no
longer find a parent or we hit the max limit.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19096 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-23 18:11:22 +00:00
Love Hörnquist Åstrand
343b2cb1c2 (hx509_query_match_cmp_func): return 0 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18911 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-04 23:43:24 +00:00
Love Hörnquist Åstrand
c226612caa (hx509_query_match_cmp_func): allow setting the match function. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18909 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-04 23:27:49 +00:00
Love Hörnquist Åstrand
e4ce12b8d1 unbreak. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18858 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-24 13:09:49 +00:00
Love Hörnquist Åstrand
23a7e5e2b2 (hx509_cert_get_base_subject): one less EINVAL 
(_hx509_cert_private_decrypt): one less EINVAL


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18854 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-24 12:30:04 +00:00
Love Hörnquist Åstrand
df5da7edfe Try to not leak memory. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18786 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-21 20:12:42 +00:00
Love Hörnquist Åstrand
96204e40a8 prefix der primitives with der_ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18453 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-14 09:42:43 +00:00
Love Hörnquist Åstrand
7b60dcb344 Add all openssl algs and init asn1 et 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18296 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-07 12:07:41 +00:00
Love Hörnquist Åstrand
41e00c0c70 Add a strict rfc3280 verification flag. rfc3280 requires certificates 
to have KeyUsage.keyCertSign if they are to be used for signing of
certificates, but the step in the verifiation is optional.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18086 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-09-15 05:59:35 +00:00
Love Hörnquist Åstrand
0efe7f3455 add _hx509_cert_get_keyusage 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18025 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-09-05 20:52:35 +00:00
Love Hörnquist Åstrand
046997bc17 Add release function for certifiates so backend knowns when its no 
longer used.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17589 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-27 10:59:13 +00:00
Love Hörnquist Åstrand
09f034b560 Avoid shadowing. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17574 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-13 20:26:47 +00:00
Love Hörnquist Åstrand
e6b5883e02 Sprinkle setting error strings. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17399 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-01 15:24:51 +00:00
Love Hörnquist Åstrand
74a41b918b Sprinkel setting error strings. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17391 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-01 14:02:50 +00:00
Love Hörnquist Åstrand
37db31f903 Reverse previous patch, lets do it another way. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17375 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-30 14:53:05 +00:00
Love Hörnquist Åstrand
e9f16d62ab (hx509_revoke_verify): update usage 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17374 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-30 14:11:55 +00:00
Love Hörnquist Åstrand
4a99bbcc37 remove _hx509_cert_private_sigature 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17366 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-30 07:35:08 +00:00
Love Hörnquist Åstrand
a4e67a6533 (hx509_cert_get_base_subject): reject un-canon proxy certs, not the reverse 
(add_to_list): constify and fix argument order to copy_octet_string
(hx509_cert_find_subjectAltName_otherName): make work


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17347 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-29 14:22:41 +00:00
Love Hörnquist Åstrand
feb2699d9b (hx509_verify_hostname): implement stub function 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17333 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-28 11:24:10 +00:00
Love Hörnquist Åstrand
c7b6f93485 When verifying certificates, store subject basename for later consumption. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17284 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 18:33:55 +00:00
Love Hörnquist Åstrand
70552d3ed2 remove debug printf's 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17277 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 16:59:52 +00:00
Love Hörnquist Åstrand
b1139e02d0 (hx509_verify_path): handle the case where the where two proxy certs 
in a chain.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17274 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 16:47:45 +00:00
Love Hörnquist Åstrand
56b18c1385 (hx509_verify_path): Need to mangle name to remove the CN of the 
subject, copying issuer only works for one level but is better then
doing no checking at all.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17262 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 15:02:48 +00:00
Love Hörnquist Åstrand
db9e1df818 Fix comment about subject name of proxy certificate. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17258 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 13:49:27 +00:00
Love Hörnquist Åstrand
cf3c9e7986 Make proxy certificate work. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17257 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 13:35:20 +00:00
Love Hörnquist Åstrand
1b98d3a6ff (hx509_verify_path): verify proxy certificate have no san or ian 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17252 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 12:36:49 +00:00
Love Hörnquist Åstrand
253352539c (hx509_verify_set_proxy_certificate): Add 
(*): rename policy cert to proxy cert


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17251 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 12:21:20 +00:00
Love Hörnquist Åstrand
3d4b238a8b Initial support for policy certificates. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17250 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 12:05:10 +00:00
Love Hörnquist Åstrand
8699156461 Expose the path building function to internal functions. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17167 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-22 11:38:39 +00:00
Love Hörnquist Åstrand
7391a1abf9 (hx509_query_match_friendly_name): fix return value 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17159 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-22 07:22:15 +00:00
Love Hörnquist Åstrand
5f7eeddc5e (hx509_query_match_friendly_name): New function. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17152 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-21 22:16:55 +00:00
Love Hörnquist Åstrand
4e37989b39 Remove unused function. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17121 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-21 11:25:20 +00:00
Love Hörnquist Åstrand
866f4be765 (hx509_verify_path): if trust anchor is not self signed, don't check sig 
From Douglas Engert.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17108 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-20 17:05:11 +00:00
Love Hörnquist Åstrand
86f05f039c expose print_cert_subject internally 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16990 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-03 15:24:58 +00:00
Love Hörnquist Åstrand
7a53af1e6a Add HX509_QUERY_MATCH_KEY_HASH_SHA1 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16911 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-01 02:10:24 +00:00
Love Hörnquist Åstrand
d7379e76d2 rename missing-crl to missing-revoke 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16898 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-01 00:30:45 +00:00
Love Hörnquist Åstrand
f3b1b0858c Use HX509_DEFAULT_OCSP_TIME_DIFF. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16887 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-03-31 22:07:26 +00:00
Love Hörnquist Åstrand
40164d5a9e Add ocsp glue, use new _hx509_verify_signature_bitstring, add eku 
checking function.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16883 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-03-31 22:03:13 +00:00
Love Hörnquist Åstrand
7c1b919893 Update for ocsp merge. handle building path w/o subject (using subject key id) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16870 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-03-31 01:51:22 +00:00
Love Hörnquist Åstrand
e3ef13ddb4 (hx509_cert_free): ok to free NULL 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16836 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-03-27 21:34:13 +00:00
Love Hörnquist Åstrand
bf2edb9716 (hx509_query_alloc): allocate slight more more then a sizeof(pointer) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16820 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-03-27 02:07:05 +00:00