oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
29,310 Commits 2 Branches 2 Tags
5716b51c184b10600955f3a75dd1b396d06cdace
Commit Graph

184 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
7e631d7fda (hx509_cert_binary): return binary encoded certificate (DER format) 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19910 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-14 23:20:43 +00:00
Love Hörnquist Åstrand
2dfb044b10 Export more stuff from certificate. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19893 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-14 18:13:44 +00:00
Love Hörnquist Åstrand
80977a02f6 Factor out private key operation out of the signing, operations, support import, export, and generation of private keys. Add support for writing PEM and PKCS12 files with private keys in them. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19778 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2007-01-09 10:52:13 +00:00
Love Hörnquist Åstrand
b4ca985700 Fix test for proxy certs chain length, it was too restrictive. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19608 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-31 01:31:28 +00:00
Love Hörnquist Åstrand
3f121e484c Locally export _hx509_find_extension_subject_key_id. 
Handle AuthorityKeyIdentifier where only authorityCertSerialNumber and
authorityCertSerialNumber is set.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19587 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-30 15:57:14 +00:00
Love Hörnquist Åstrand
e0462bfd82 Add HX509_QUERY_OPTION_KU_KEYCERTSIGN. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19561 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-29 15:51:22 +00:00
Love Hörnquist Åstrand
53256a007f make a note that we MUST check info.proxyPolicy 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19291 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-08 00:02:10 +00:00
Love Hörnquist Åstrand
71e4dc1497 Clairfy and make proxy cert handling work for multiple levels, before 
it was too restrictive. More helpful error message.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19283 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-07 23:39:26 +00:00
Love Hörnquist Åstrand
7ea26d8dc4 (check_key_usage): print subject, not issuer 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19280 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-07 22:41:26 +00:00
Love Hörnquist Åstrand
eecdea2e20 (check_key_usage): tell what keyusages are missing 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19279 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-07 22:35:27 +00:00
Love Hörnquist Åstrand
b6b9423a2b (hx509_query_match_issuer_serial): make a copy of the data 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19249 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-06 13:08:31 +00:00
Love Hörnquist Åstrand
dcf2f6807a (hx509_query_match_issuer_serial): allow matching on issuer and serial num 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19245 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-06 12:21:35 +00:00
Love Hörnquist Åstrand
8bc1396160 (_hx509_calculate_path): add flag to allow leaving out trust anchor 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19239 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-06 10:35:16 +00:00
Love Hörnquist Åstrand
0528938895 (find_parent): when checking for certs and its not a trust anchor, 
require time be in range.
(_hx509_query_match_cert): Add time validity-testing to query mask


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19228 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-12-05 23:46:19 +00:00
Love Hörnquist Åstrand
d3b2e5df80 Don't check the trust anchors expiration time since they are 
transported out of band, from RFC3820.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19176 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-28 17:41:57 +00:00
Love Hörnquist Åstrand
1d8f59cfa1 sprinkle more error strings 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19171 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-28 12:00:08 +00:00
Love Hörnquist Åstrand
35dda6b1b9 Sprinkle more error string and hx509_contexts. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19130 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-26 17:54:18 +00:00
Love Hörnquist Åstrand
2c0f78e9c0 Handle that _hx509_verify_signature takes a context. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19113 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-25 23:53:05 +00:00
Love Hörnquist Åstrand
1a89ccbde3 (_hx509_calculate_path): allow to calculate optimistic path when we 
don't know the trust anchors, just follow the chain upward until we no
longer find a parent or we hit the max limit.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19096 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-23 18:11:22 +00:00
Love Hörnquist Åstrand
343b2cb1c2 (hx509_query_match_cmp_func): return 0 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18911 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-04 23:43:24 +00:00
Love Hörnquist Åstrand
c226612caa (hx509_query_match_cmp_func): allow setting the match function. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18909 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-11-04 23:27:49 +00:00
Love Hörnquist Åstrand
e4ce12b8d1 unbreak. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18858 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-24 13:09:49 +00:00
Love Hörnquist Åstrand
23a7e5e2b2 (hx509_cert_get_base_subject): one less EINVAL 
(_hx509_cert_private_decrypt): one less EINVAL


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18854 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-24 12:30:04 +00:00
Love Hörnquist Åstrand
df5da7edfe Try to not leak memory. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18786 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-21 20:12:42 +00:00
Love Hörnquist Åstrand
96204e40a8 prefix der primitives with der_ 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18453 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-14 09:42:43 +00:00
Love Hörnquist Åstrand
7b60dcb344 Add all openssl algs and init asn1 et 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18296 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-10-07 12:07:41 +00:00
Love Hörnquist Åstrand
41e00c0c70 Add a strict rfc3280 verification flag. rfc3280 requires certificates 
to have KeyUsage.keyCertSign if they are to be used for signing of
certificates, but the step in the verifiation is optional.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18086 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-09-15 05:59:35 +00:00
Love Hörnquist Åstrand
0efe7f3455 add _hx509_cert_get_keyusage 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18025 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-09-05 20:52:35 +00:00
Love Hörnquist Åstrand
046997bc17 Add release function for certifiates so backend knowns when its no 
longer used.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17589 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-27 10:59:13 +00:00
Love Hörnquist Åstrand
09f034b560 Avoid shadowing. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17574 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-13 20:26:47 +00:00
Love Hörnquist Åstrand
e6b5883e02 Sprinkle setting error strings. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17399 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-01 15:24:51 +00:00
Love Hörnquist Åstrand
74a41b918b Sprinkel setting error strings. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17391 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-05-01 14:02:50 +00:00
Love Hörnquist Åstrand
37db31f903 Reverse previous patch, lets do it another way. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17375 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-30 14:53:05 +00:00
Love Hörnquist Åstrand
e9f16d62ab (hx509_revoke_verify): update usage 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17374 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-30 14:11:55 +00:00
Love Hörnquist Åstrand
4a99bbcc37 remove _hx509_cert_private_sigature 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17366 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-30 07:35:08 +00:00
Love Hörnquist Åstrand
a4e67a6533 (hx509_cert_get_base_subject): reject un-canon proxy certs, not the reverse 
(add_to_list): constify and fix argument order to copy_octet_string
(hx509_cert_find_subjectAltName_otherName): make work


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17347 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-29 14:22:41 +00:00
Love Hörnquist Åstrand
feb2699d9b (hx509_verify_hostname): implement stub function 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17333 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-28 11:24:10 +00:00
Love Hörnquist Åstrand
c7b6f93485 When verifying certificates, store subject basename for later consumption. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17284 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 18:33:55 +00:00
Love Hörnquist Åstrand
70552d3ed2 remove debug printf's 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17277 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 16:59:52 +00:00
Love Hörnquist Åstrand
b1139e02d0 (hx509_verify_path): handle the case where the where two proxy certs 
in a chain.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17274 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 16:47:45 +00:00
Love Hörnquist Åstrand
56b18c1385 (hx509_verify_path): Need to mangle name to remove the CN of the 
subject, copying issuer only works for one level but is better then
doing no checking at all.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17262 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 15:02:48 +00:00
Love Hörnquist Åstrand
db9e1df818 Fix comment about subject name of proxy certificate. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17258 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 13:49:27 +00:00
Love Hörnquist Åstrand
cf3c9e7986 Make proxy certificate work. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17257 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 13:35:20 +00:00
Love Hörnquist Åstrand
1b98d3a6ff (hx509_verify_path): verify proxy certificate have no san or ian 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17252 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 12:36:49 +00:00
Love Hörnquist Åstrand
253352539c (hx509_verify_set_proxy_certificate): Add 
(*): rename policy cert to proxy cert


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17251 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 12:21:20 +00:00
Love Hörnquist Åstrand
3d4b238a8b Initial support for policy certificates. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17250 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-26 12:05:10 +00:00
Love Hörnquist Åstrand
8699156461 Expose the path building function to internal functions. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17167 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-22 11:38:39 +00:00
Love Hörnquist Åstrand
7391a1abf9 (hx509_query_match_friendly_name): fix return value 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17159 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-22 07:22:15 +00:00
Love Hörnquist Åstrand
5f7eeddc5e (hx509_query_match_friendly_name): New function. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17152 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-21 22:16:55 +00:00
Love Hörnquist Åstrand
4e37989b39 Remove unused function. 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17121 ec53bebd-3082-4978-b11e-865c3cabbd6b
 2006-04-21 11:25:20 +00:00