Commit Graph

168 Commits

Author SHA1 Message Date
Nicolas Williams
6a0f45c4d7 Use __attribute__ ((__name__)) form
Protect against macros named noreturn and so on.
2017-03-13 18:39:41 -04:00
Nicolas Williams
943e76f99b Fix leak in hx509_general_name_unparse() 2016-11-20 17:43:51 -06:00
Nicolas Williams
1c81ddf4e2 Round #2 of scan-build warnings cleanup 2016-11-16 17:03:14 -06:00
Love Hornquist Astrand
7439cb7c54 check the EE if it's a proxy certificate and fail up front 2013-10-21 08:43:24 -07:00
Love Hornquist Astrand
4e44171a28 cast away enum warnings 2013-06-03 22:05:09 -07:00
Roland C. Dowdeswell
1b5b82183c In lib/hx509/cert.c, fix cases where errors are returned as certs.
In both hx509_cert_init() and hx509_cert_init_data(), there is an
output parameter for the error code but there are cases where the
error is used as a return value instead of the specified hx509_cert.
We fix these issues.  We also check if error is non-NULL and only
set the error in this case, allowing the functions to be called
with error == NULL without segfault.
2012-12-03 14:12:52 +08:00
Love Hornquist Astrand
029de6cfa4 pass back a heim_error from hx509_cert_init 2012-10-07 06:33:13 -07:00
Roland C. Dowdeswell
13a6ac59ad Fix memory leak in hx509_context_init().
OpenSSL_add_all_algorithms() should only be run once per application
or it will cause data structures to expand.  It's not a classic
memory leak as all of the memory will be free(3)d when EVP_cleanup()
is called but as we are a library we cannot call this.  We provide
a short term fix here which is using heim_base_once_f() to ensure
that we only call it once.

But the long term fix should be to stop using OpenSSL_add_all_algorithms()
entirely because it both has side effects outside our library and
the caller may destroy our OpenSSL global variables by calling
EVP_cleanup() on his own.  It is suboptimal to have potential
interactions between our library and other code in this way.
2012-07-17 19:38:46 +01:00
Love Hornquist Astrand
671c91fd5f just mark sig algs as weak instead of expiration date 2012-06-08 18:08:23 +02:00
Roland C. Dowdeswell
cc47c8fa7b Turn on -Wextra -Wno-sign-compare -Wno-unused-parameter and fix issues.
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer.  Note that we get different
warnings on different machines and so this will be a work in
progress.  So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).

Notably, we fixed

	1.  a lot of missing structure initialisers,

	2.  unchecked return values for functions that glibc
	    marks as __attribute__((warn-unused-result)),

	3.  made minor modifications to slc and asn1_compile
	    which can generate code which generates warnings,
	    and

	4.  a few stragglers here and there.

We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g.  rsh, rcp,
popper, ftp and telnet.

Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.

We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
2012-02-20 19:45:41 +00:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
3ada607635 Final fixes from Christos Zoulas 2011-05-18 21:58:57 -07:00
Jelmer Vernooij
36ade8b509 hx509: Make various functions used by Samba public.
* hx509_cert_public_encrypt
* hx509_parse_private_key
* hx509_private_key_assign_rsa
* hx509_private_key_free
* hx509_private_key_private_decrypt
* hx509_private_key_init
* hx509_private_key2SPKI
* hx509_request_get_name
* hx509_request_get_SubjectPublicKeyInfo
* hx509_request_free
* hx509_request_init
* hx509_request_set_name
* hx509_request_set_SubjectPublicKeyInfo

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2011-02-23 19:47:28 -08:00
Love Hornquist Astrand
dc0fbbf8c9 add hx509_cert_get_{issuer,subject}_unique_id 2010-08-10 09:23:41 -07:00
Love Hornquist Astrand
1be863f364 change variables to make more sense 2010-08-08 16:10:44 -07:00
Love Hornquist Astrand
fa4c84e6d6 make printablestring and ia5string octetstrings 2010-08-08 15:51:33 -07:00
Love Hornquist Astrand
a059a70746 Only accept self-signed certs within chains for strong hash types 2009-11-25 05:03:16 -08:00
Love Hornquist Astrand
796a9f2ec7 doxygen 2009-11-22 13:52:06 -08:00
Love Hornquist Astrand
1af4e2234a free cert on error 2009-10-22 08:23:19 -07:00
Love Hornquist Astrand
4b79b6fa57 remove unused variable
Based on a report from Matthias Dieter Wallnöfer.
2009-10-03 11:38:55 -07:00
Love Hornquist Astrand
17cd6e2d5f Use hx509_certs_ref() 2009-09-29 09:58:47 -07:00
Love Hornquist Astrand
e247375e1c add hx509_print_cert 2009-09-21 06:24:22 -07:00
Love Hornquist Astrand
72e306c7e3 Push cert down deeper into the stack 2009-08-21 18:34:21 -07:00
Love Hörnquist Åstrand
7a23a190a1 Use OID variable instead of function.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25241 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-28 01:18:53 +00:00
Love Hörnquist Åstrand
f7629cddeb make error reporting better
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25191 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-05-06 19:03:36 +00:00
Love Hörnquist Åstrand
b7064afbcf Find first CN= in the name, and try to match the hostname on that
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25143 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-04-27 02:18:44 +00:00
Love Hörnquist Åstrand
f0366476c5 make compile
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24983 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 09:01:58 +00:00
Love Hörnquist Åstrand
146f753987 make attach release the keyset
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24982 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-29 09:01:47 +00:00
Love Hörnquist Åstrand
38c844cbaa return instead of break out to return
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24916 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-22 17:22:50 +00:00
Love Hörnquist Åstrand
ff5dab4f4a remove rcsid
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24795 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-22 23:28:18 +00:00
Love Hörnquist Åstrand
8c452e59ba doxygen
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24701 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-14 20:13:38 +00:00
Love Hörnquist Åstrand
ad7bb6ffad pass hx509_context to the matching function
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24618 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-04 22:10:52 +00:00
Love Hörnquist Åstrand
4b553afa07 Skip the leaf certificate HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK check for now
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24254 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-01-11 21:44:19 +00:00
Love Hörnquist Åstrand
3ee9a138f6 add hx509_verify_ctx_f_allow_best_before_signature_algs
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24253 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-01-11 21:44:10 +00:00
Love Hörnquist Åstrand
98d48f25d7 use _hx509_signature_best_before
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24252 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-01-11 21:44:00 +00:00
Love Hörnquist Åstrand
174cae0ba1 better error message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24051 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-11-23 22:05:46 +00:00
Love Hörnquist Åstrand
b4539ac324 better error checks
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24050 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-11-23 22:05:36 +00:00
Love Hörnquist Åstrand
de3c767d3a allow testing on sha1 hash in cert queries
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24049 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-11-23 22:05:26 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
fa8b905e46 close-on-exec
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23457 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-27 12:12:56 +00:00
Love Hörnquist Åstrand
b1f885befe use rk_undumpdata, spelling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23413 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-26 18:34:53 +00:00
Love Hörnquist Åstrand
ad1190f74d add _hx509_verify_get_time
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23266 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 03:23:26 +00:00
Love Hörnquist Åstrand
5f7508dfc1 Use subject name as friendly name if there is no friendly name for certificate.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23072 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-23 11:11:20 +00:00
Love Hörnquist Åstrand
00f8b507cb rename to be more consistent, export for testing
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22679 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-03-14 14:52:48 +00:00
Love Hörnquist Åstrand
7776ed30a9 Add language to support querying certificates to find a match. Support constructs like "1.3.6.1.5.2.3.5" IN %{certificate.eku} AND %{certificate.subject} TAILMATCH "C=SE"".
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22677 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-03-13 17:35:49 +00:00
Love Hörnquist Åstrand
8b9c6c4121 Use ldap-prep (with libwind) to compare names
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22583 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-02-11 20:46:21 +00:00
Love Hörnquist Åstrand
b5cdbe6fa5 (hx509_query_match_eku): update to support the NULL eku (reset),
clarify the old behavior with regard to repetitive calls.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22539 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-01-27 13:15:07 +00:00
Love Hörnquist Åstrand
0ff6dbc8bb Add matching on EKU, validate EKUs, add hxtool matching glue, add check. Adapted from patch from Tim Miller of Mitre
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22538 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-01-27 13:05:47 +00:00
Love Hörnquist Åstrand
b012ef1902 Spelling.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22450 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-01-15 19:39:14 +00:00