Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						7439cb7c54 
					 
					
						
						
							
							check the EE if its a proxy certificate and fail up front  
						
						
						
						
					 
					
						2013-10-21 08:43:24 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						4e44171a28 
					 
					
						
						
							
							cast away enum warnings  
						
						
						
						
					 
					
						2013-06-03 22:05:09 -07:00 
						 
				 
			
				
					
						
							
							
								Roland C. Dowdeswell 
							
						 
					 
					
						
						
							
						
						1b5b82183c 
					 
					
						
						
							
							In lib/hx509/cert.c, fix cases where errors are returned as certs.  
						
						... 
						
						
						
						In both hx509_cert_init() and hx509_cert_init_data(), there is an
output parameter for the error code but there are cases where the
error is used as a return value instead of the specified hx509_cert.
We fix these issues.  We also check if error is non-NULL and only
set the error in this case, allowing the functions to be called
with error == NULL without segfault. 
						
						
					 
					
						2012-12-03 14:12:52 +08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						029de6cfa4 
					 
					
						
						
							
							pass back an heim_error from hx509_cert_init  
						
						
						
						
					 
					
						2012-10-07 06:33:13 -07:00 
						 
				 
			
				
					
						
							
							
								Roland C. Dowdeswell 
							
						 
					 
					
						
						
							
						
						13a6ac59ad 
					 
					
						
						
							
							Fix memory leak in hx509_context_init().  
						
						... 
						
						
						
						OpenSSL_add_all_algorithms() should only be run once per application
or it will cause data structures to expand.  It's not a classic
memory leak as all of the memory will be free(3)d when EVP_cleanup()
is called but as we are a library we cannot call this.  We provide
a short term fix here which is using heim_base_once_f() to ensure
that we only call it once.
But the long term fix should be to stop using OpenSSL_add_all_algorithms()
entirely because it both has side effects outside our library and
the caller may destroy our OpenSSL global variables by calling
EVP_cleanup() on his own.  It is suboptimal to have potential
interactions between our library and other code in this way. 
						
						
					 
					
						2012-07-17 19:38:46 +01:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						671c91fd5f 
					 
					
						
						
							
							just mark sig algs as weak instead of expiration date  
						
						
						
						
					 
					
						2012-06-08 18:08:23 +02:00 
						 
				 
			
				
					
						
							
							
								Roland C. Dowdeswell 
							
						 
					 
					
						
						
							
						
						cc47c8fa7b 
					 
					
						
						
							
							Turn on -Wextra -Wno-sign-compare -Wno-unused-paramter and fix issues.  
						
						... 
						
						
						
						We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer.  Note that we get different
warnings on different machines and so this will be a work in
progress.  So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).
Notably, we fixed
	1.  a lot of missing structure initialisers,
	2.  unchecked return values for functions that glibc
	    marks as __attribute__((warn-unused-result)),
	3.  made minor modifications to slc and asn1_compile
	    which can generate code which generates warnings,
	    and
	4.  a few stragglers here and there.
We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g.  rsh, rcp,
popper, ftp and telnet.
Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.
We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do. 
						
						
					 
					
						2012-02-20 19:45:41 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						0879b9831a 
					 
					
						
						
							
							remove trailing whitespace  
						
						
						
						
					 
					
						2011-05-21 11:57:31 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						3ada607635 
					 
					
						
						
							
							Final fixes from Christos Zoulas  
						
						
						
						
					 
					
						2011-05-18 21:58:57 -07:00 
						 
				 
			
				
					
						
							
							
								Jelmer Vernooij 
							
						 
					 
					
						
						
							
						
						36ade8b509 
					 
					
						
						
							
							hx509: Make various functions used by Samba public.  
						
						... 
						
						
						
						* hx509_cert_public_encrypt
* hx509_parse_private_key
* hx509_private_key_assign_rsa
* hx509_private_key_free
* hx509_private_key_private_decrypt
* hx509_private_key_init
* hx509_private_key2SPKI
* hx509_request_get_name
* hx509_request_get_SubjectPublicKeyInfo
* hx509_request_free
* hx509_request_init
* hx509_request_set_name
* hx509_request_set_SubjectPublicKeyInfo
Signed-off-by: Love Hornquist Astrand <lha@h5l.org > 
						
						
					 
					
						2011-02-23 19:47:28 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						dc0fbbf8c9 
					 
					
						
						
							
							add hx509_cert_get_{issuer,subject}_unique_id  
						
						
						
						
					 
					
						2010-08-10 09:23:41 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						1be863f364 
					 
					
						
						
							
							change variables to make more sense  
						
						
						
						
					 
					
						2010-08-08 16:10:44 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						fa4c84e6d6 
					 
					
						
						
							
							make printablestring and ia5string octetstrings  
						
						
						
						
					 
					
						2010-08-08 15:51:33 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						a059a70746 
					 
					
						
						
							
							Only accept self-signed certs within chains for strong hash types  
						
						
						
						
					 
					
						2009-11-25 05:03:16 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						796a9f2ec7 
					 
					
						
						
							
							doxygen  
						
						
						
						
					 
					
						2009-11-22 13:52:06 -08:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						1af4e2234a 
					 
					
						
						
							
							free cert on error  
						
						
						
						
					 
					
						2009-10-22 08:23:19 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						4b79b6fa57 
					 
					
						
						
							
							remove unused variable  
						
						... 
						
						
						
						Based on a report from Matthias Dieter Wallnöfer. 
						
						
					 
					
						2009-10-03 11:38:55 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						17cd6e2d5f 
					 
					
						
						
							
							Use hx509_certs_ref()  
						
						
						
						
					 
					
						2009-09-29 09:58:47 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						e247375e1c 
					 
					
						
						
							
							add hx509_print_cert  
						
						
						
						
					 
					
						2009-09-21 06:24:22 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hornquist Astrand 
							
						 
					 
					
						
						
							
						
						72e306c7e3 
					 
					
						
						
							
							Push cert down deaper into the stack  
						
						
						
						
					 
					
						2009-08-21 18:34:21 -07:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						7a23a190a1 
					 
					
						
						
							
							Use OID variable instead of function.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25241 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-05-28 01:18:53 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						f7629cddeb 
					 
					
						
						
							
							make error reporting better  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25191 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-05-06 19:03:36 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						b7064afbcf 
					 
					
						
						
							
							Find first CN= in the name, and try to match the hostname on that  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25143 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-04-27 02:18:44 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						f0366476c5 
					 
					
						
						
							
							make compile  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24983 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-03-29 09:01:58 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						146f753987 
					 
					
						
						
							
							make attach release the keyset  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24982 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-03-29 09:01:47 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						38c844cbaa 
					 
					
						
						
							
							return instad of break out to return  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24916 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-03-22 17:22:50 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						ff5dab4f4a 
					 
					
						
						
							
							remove rcsid  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24795 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-22 23:28:18 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						8c452e59ba 
					 
					
						
						
							
							doxygen  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24701 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-14 20:13:38 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						ad7bb6ffad 
					 
					
						
						
							
							pass hx509_context to the matching function  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24618 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-02-04 22:10:52 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						4b553afa07 
					 
					
						
						
							
							Skip the leaf certificate HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK check for now  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24254 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-01-11 21:44:19 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						3ee9a138f6 
					 
					
						
						
							
							add hx509_verify_ctx_f_allow_best_before_signature_algs  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24253 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-01-11 21:44:10 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						98d48f25d7 
					 
					
						
						
							
							use _hx509_signature_best_before  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24252 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2009-01-11 21:44:00 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						174cae0ba1 
					 
					
						
						
							
							better error message  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24051 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-11-23 22:05:46 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						b4539ac324 
					 
					
						
						
							
							better error checks  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24050 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-11-23 22:05:36 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						de3c767d3a 
					 
					
						
						
							
							allow testing on sha1 hash in cert queries  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24049 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-11-23 22:05:26 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						6937d41a02 
					 
					
						
						
							
							remove trailing whitespace  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-09-13 09:21:03 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						e172367898 
					 
					
						
						
							
							switch to utf8 encoding of all files  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-09-13 08:53:55 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						fa8b905e46 
					 
					
						
						
							
							close-on-exec  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23457 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-07-27 12:12:56 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						b1f885befe 
					 
					
						
						
							
							use rk_undumpdata, spelling  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23413 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-07-26 18:34:53 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						ad1190f74d 
					 
					
						
						
							
							add _hx509_verify_get_time  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23266 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-06-23 03:23:26 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						5f7508dfc1 
					 
					
						
						
							
							Use subject name as friendly name if there is no friendly name for certificate.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23072 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-04-23 11:11:20 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						00f8b507cb 
					 
					
						
						
							
							rename to be more consistent, export for teting  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22679 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-03-14 14:52:48 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						7776ed30a9 
					 
					
						
						
							
							Add language to support querying certificates to find a match. Support constructs like "1.3.6.1.5.2.3.5" IN %{certificate.eku} AND %{certificate.subject} TAILMATCH "C=SE"".  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22677 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-03-13 17:35:49 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						8b9c6c4121 
					 
					
						
						
							
							Use ldap-prep (with libwind) to compare names  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22583 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-02-11 20:46:21 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						b5cdbe6fa5 
					 
					
						
						
							
							(hx509_query_match_eku): update to support the NULL eku (reset),  
						
						... 
						
						
						
						clearify the old behaivor with regards repetitive calls.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22539 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-01-27 13:15:07 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						0ff6dbc8bb 
					 
					
						
						
							
							Add matching on EKU, validate EKUs, add hxtool matching glue, add check. Adapted from pach from Tim Miller of Mitre  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22538 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-01-27 13:05:47 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						b012ef1902 
					 
					
						
						
							
							Spelling.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22450 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-01-15 19:39:14 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						5e11811360 
					 
					
						
						
							
							Add hx509_cert_get_SPKI_AlgorithmIdentifier, remove unused stuff, add hx509_context to some functions.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22449 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-01-15 19:38:09 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						c9f443454e 
					 
					
						
						
							
							Add a PKCS11 provider supporting signing and verifing sigatures.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22435 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-01-14 20:53:56 +00:00 
						 
				 
			
				
					
						
							
							
								Love Hörnquist Åstrand 
							
						 
					 
					
						
						
							
						
						8fa8981654 
					 
					
						
						
							
							More documentation.  
						
						... 
						
						
						
						git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22430 ec53bebd-3082-4978-b11e-865c3cabbd6b 
						
						
					 
					
						2008-01-13 14:02:58 +00:00