Commit Graph

130 Commits

Author SHA1 Message Date
Love Hörnquist Åstrand
3f121e484c Locally export _hx509_find_extension_subject_key_id.
Handle AuthorityKeyIdentifier where only authorityCertSerialNumber and
authorityCertSerialNumber is set.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19587 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-30 15:57:14 +00:00
Love Hörnquist Åstrand
e0462bfd82 Add HX509_QUERY_OPTION_KU_KEYCERTSIGN.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19561 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-29 15:51:22 +00:00
Love Hörnquist Åstrand
53256a007f make a note that we MUST check info.proxyPolicy
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19291 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-08 00:02:10 +00:00
Love Hörnquist Åstrand
71e4dc1497 Clarify and make proxy cert handling work for multiple levels, before
it was too restrictive. More helpful error message.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19283 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-07 23:39:26 +00:00
Love Hörnquist Åstrand
7ea26d8dc4 (check_key_usage): print subject, not issuer
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19280 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-07 22:41:26 +00:00
Love Hörnquist Åstrand
eecdea2e20 (check_key_usage): tell what keyusages are missing
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19279 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-07 22:35:27 +00:00
Love Hörnquist Åstrand
b6b9423a2b (hx509_query_match_issuer_serial): make a copy of the data
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19249 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-06 13:08:31 +00:00
Love Hörnquist Åstrand
dcf2f6807a (hx509_query_match_issuer_serial): allow matching on issuer and serial num
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19245 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-06 12:21:35 +00:00
Love Hörnquist Åstrand
8bc1396160 (_hx509_calculate_path): add flag to allow leaving out trust anchor
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19239 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-06 10:35:16 +00:00
Love Hörnquist Åstrand
0528938895 (find_parent): when checking for certs and it's not a trust anchor,
require time be in range.
(_hx509_query_match_cert): Add time validity-testing to query mask


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19228 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-05 23:46:19 +00:00
Love Hörnquist Åstrand
d3b2e5df80 Don't check the trust anchors expiration time since they are
transported out of band, from RFC3820.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19176 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-28 17:41:57 +00:00
Love Hörnquist Åstrand
1d8f59cfa1 sprinkle more error strings
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19171 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-28 12:00:08 +00:00
Love Hörnquist Åstrand
35dda6b1b9 Sprinkle more error string and hx509_contexts.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19130 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-26 17:54:18 +00:00
Love Hörnquist Åstrand
2c0f78e9c0 Handle that _hx509_verify_signature takes a context.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19113 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-25 23:53:05 +00:00
Love Hörnquist Åstrand
1a89ccbde3 (_hx509_calculate_path): allow to calculate optimistic path when we
don't know the trust anchors, just follow the chain upward until we no
longer find a parent or we hit the max limit.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19096 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-23 18:11:22 +00:00
Love Hörnquist Åstrand
343b2cb1c2 (hx509_query_match_cmp_func): return 0
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18911 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-04 23:43:24 +00:00
Love Hörnquist Åstrand
c226612caa (hx509_query_match_cmp_func): allow setting the match function.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18909 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-04 23:27:49 +00:00
Love Hörnquist Åstrand
e4ce12b8d1 unbreak.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18858 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-24 13:09:49 +00:00
Love Hörnquist Åstrand
23a7e5e2b2 (hx509_cert_get_base_subject): one less EINVAL
(_hx509_cert_private_decrypt): one less EINVAL


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18854 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-24 12:30:04 +00:00
Love Hörnquist Åstrand
df5da7edfe Try to not leak memory.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18786 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-21 20:12:42 +00:00
Love Hörnquist Åstrand
96204e40a8 prefix der primitives with der_
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18453 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-14 09:42:43 +00:00
Love Hörnquist Åstrand
7b60dcb344 Add all openssl algs and init asn1 et
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18296 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-07 12:07:41 +00:00
Love Hörnquist Åstrand
41e00c0c70 Add a strict rfc3280 verification flag. rfc3280 requires certificates
to have KeyUsage.keyCertSign if they are to be used for signing of
certificates, but the step in the verification is optional.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18086 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-09-15 05:59:35 +00:00
Love Hörnquist Åstrand
0efe7f3455 add _hx509_cert_get_keyusage
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18025 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-09-05 20:52:35 +00:00
Love Hörnquist Åstrand
046997bc17 Add release function for certificates so backend knows when it's no
longer used.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17589 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-27 10:59:13 +00:00
Love Hörnquist Åstrand
09f034b560 Avoid shadowing.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17574 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-13 20:26:47 +00:00
Love Hörnquist Åstrand
e6b5883e02 Sprinkle setting error strings.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17399 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-01 15:24:51 +00:00
Love Hörnquist Åstrand
74a41b918b Sprinkle setting error strings.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17391 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-05-01 14:02:50 +00:00
Love Hörnquist Åstrand
37db31f903 Reverse previous patch, let's do it another way.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17375 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-30 14:53:05 +00:00
Love Hörnquist Åstrand
e9f16d62ab (hx509_revoke_verify): update usage
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17374 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-30 14:11:55 +00:00
Love Hörnquist Åstrand
4a99bbcc37 remove _hx509_cert_private_sigature
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17366 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-30 07:35:08 +00:00
Love Hörnquist Åstrand
a4e67a6533 (hx509_cert_get_base_subject): reject un-canon proxy certs, not the reverse
(add_to_list): constify and fix argument order to copy_octet_string
(hx509_cert_find_subjectAltName_otherName): make work


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17347 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-29 14:22:41 +00:00
Love Hörnquist Åstrand
feb2699d9b (hx509_verify_hostname): implement stub function
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17333 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-28 11:24:10 +00:00
Love Hörnquist Åstrand
c7b6f93485 When verifying certificates, store subject basename for later consumption.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17284 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 18:33:55 +00:00
Love Hörnquist Åstrand
70552d3ed2 remove debug printf's
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17277 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 16:59:52 +00:00
Love Hörnquist Åstrand
b1139e02d0 (hx509_verify_path): handle the case where there are two proxy certs
in a chain.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17274 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 16:47:45 +00:00
Love Hörnquist Åstrand
56b18c1385 (hx509_verify_path): Need to mangle name to remove the CN of the
subject, copying issuer only works for one level but is better than
doing no checking at all.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17262 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 15:02:48 +00:00
Love Hörnquist Åstrand
db9e1df818 Fix comment about subject name of proxy certificate.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17258 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 13:49:27 +00:00
Love Hörnquist Åstrand
cf3c9e7986 Make proxy certificate work.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17257 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 13:35:20 +00:00
Love Hörnquist Åstrand
1b98d3a6ff (hx509_verify_path): verify proxy certificate have no san or ian
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17252 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 12:36:49 +00:00
Love Hörnquist Åstrand
253352539c (hx509_verify_set_proxy_certificate): Add
(*): rename policy cert to proxy cert


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17251 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 12:21:20 +00:00
Love Hörnquist Åstrand
3d4b238a8b Initial support for policy certificates.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17250 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-26 12:05:10 +00:00
Love Hörnquist Åstrand
8699156461 Expose the path building function to internal functions.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17167 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-22 11:38:39 +00:00
Love Hörnquist Åstrand
7391a1abf9 (hx509_query_match_friendly_name): fix return value
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17159 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-22 07:22:15 +00:00
Love Hörnquist Åstrand
5f7eeddc5e (hx509_query_match_friendly_name): New function.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17152 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-21 22:16:55 +00:00
Love Hörnquist Åstrand
4e37989b39 Remove unused function.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17121 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-21 11:25:20 +00:00
Love Hörnquist Åstrand
866f4be765 (hx509_verify_path): if trust anchor is not self signed, don't check sig
From Douglas Engert.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17108 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-20 17:05:11 +00:00
Love Hörnquist Åstrand
86f05f039c expose print_cert_subject internally
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16990 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-03 15:24:58 +00:00
Love Hörnquist Åstrand
7a53af1e6a Add HX509_QUERY_MATCH_KEY_HASH_SHA1
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16911 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-01 02:10:24 +00:00
Love Hörnquist Åstrand
d7379e76d2 rename missing-crl to missing-revoke
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16898 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-01 00:30:45 +00:00