heimdal/lib/hx509/ChangeLog

2005-12-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* data/nist-data: Can handle DSA certificate.
	
	* hxtool.c: Print error code on failure.
	
2005-10-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c: Support DSA signature operations.
	
2005-10-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c: Validate that issuerAltName and subjectAltName isn't
	empty.
	
2005-09-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* p11.c: Cast to unsigned char to avoid warning.

	* keyset.c: Register pkcs11 module.

	* Makefile.am: Add ks_p11.c, install hxtool.
	
	* ks_p11.c: Starting point of a pkcs11 module.
	
2005-09-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* lock.c: Implement prompter.

	* hxtool-commands.in: add --content to print

	* hxtool.c: Split verify and print.

	* cms.c: _hx509_pbe_decrypt now takes a hx509_lock.

	* crypto.c: Make _hx509_pbe_decrypt take a hx509_lock, workaround
	for empty password.

	* name.c: Add DC, handle all Directory strings, fix signless
	problems.
	
2005-09-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_query.in: Pass in --pass to all commands.

	* hxtool.c: Use option --pass.

	* hxtool-commands.in: Add --pass to all commands.

	* hx509_err.et: add UNKNOWN_LOCK_COMMAND and CRYPTO_NO_PROMPTER

	* test_cms.in: pass in password to cms-create-sd

	* crypto.c: Abstract out PBE_string2key so I can add PBE2 s2k
	later.  Avoid signess warnings with OpenSSL.

	* cms.c: Use void * instead of char * for to avoid signedness
	issues

	* cert.c (hx509_cert_get_attribute): remove const, its not

	* ks_p12.c: Cast size_t to unsigned long when print.

	* name.c: Fix signedness warning.

	* test_query.in: Use echo, the function check isn't defined here.
	
2005-08-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool-commands.in: Add more options that was missing.

2005-07-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_cms.in: Use --certificate= for enveloped/unenvelope.

	* hxtool.c: Use --certificate= for enveloped/unenvelope.  Clean
	up.

	* test_cms.in: add EnvelopeData tests
	
	* hxtool.c: use id-envelopedData for ContentInfo
	
	* hxtool-commands.in: add contentinfo wrapping for create/unwrap
	enveloped data

	* hxtool.c: add contentinfo wrapping for create/unwrap enveloped
	data

	* data/gen-req.sh: add enveloped data (aes128)
	
	* crypto.c: add "new" RC2 oid
	
2005-07-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* hx_locl.h, cert.c: Add HX509_QUERY_MATCH_FUNCTION that allows
	caller to match by function, note that this doesn't not work
	directly for backends that implements ->query, they must do their
	own processing. (I'm running out of flags, only 12 left now)

	* test_cms.in: verify ContentInfo wrapping code in hxtool
	
	* hxtool-commands.in (cms_create_sd): support wrapping in content
	info spelling

	* hxtool.c (cms_create_sd): support wrapping in content info

	* test_cms.in: test more cms signeddata messages
	
	* data/gen-req.sh: generate SignedData
	
	* hxtool.c (cms_create_sd): support certificate store, add support
	to unwrap a ContentInfo the SignedData inside.

	* crypto.c: sprinkel rk_UNCONST

	* crypto.c: add DER NULL to the digest oid's

	* hxtool-commands.in: add --content-info to cms-verify-sd

	* cms.c (hx509_cms_create_signed_1): pass in a full
	AlgorithmIdentifier instead of heim_oid for digest_alg

	* crypto.c: make digest_alg a digest_oid, it's not needed right
	now

	* hx509_err.et: add CERT_NOT_FOUND
	
	* keyset.c (_hx509_certs_find): add error code for cert not
	found

	* cms.c (hx509_cms_verify_signed): add external store of
	certificates, use the right digest algorithm identifier.

	* cert.c: fix const warning

	* ks_p12.c: slightly less verbose
	
	* cert.c: add hx509_cert_find_subjectAltName_otherName, add
	HX509_QUERY_MATCH_FRIENDLY_NAME
	
	* hx509.h: add hx509_octet_string_list, remove bad comment
	
	* hx_locl.h: add HX509_QUERY_MATCH_FRIENDLY_NAME

	* keyset.c (hx509_certs_append): needs a hx509_lock, add one

	* Makefile.am: add test cases tempfiles to CLEANFILES
	
	* Makefile.am: add test_query to TESTS, fix dependency on hxtool
	sources on hxtool-commands.h

	* hxtool-commands.in: explain what signer is for create-sd

	* hxtool.c: add query, add more options to verify-sd and create-sd

	* test_cms.in: add more cms tests
	
	* hxtool-commands.in: add query, add more options to verify-sd

	* test_query.in: test query interface
	
	* data: fix filenames for ds/ke files, add pkcs12 files, regen
	
	* hxtool.c,Makefile.am,hxtool-commands.in: switch to slc

2005-07-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c (hx509_verify_destroy_ctx): add
	
	* hxtool.c: free hx509_verify_ctx
	
	* name.c (_hx509_name_ds_cmp): make sure all strings are not equal

2005-07-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: return error
	
	* keyset.c: return errors from iterations
	
	* test_chain.in: clean up checks
	
	* ks_file.c (parse_certificate): return errno's not 1 in case of
	error
	
	* ks_file.c (file_iter): make sure endpointer is NULL

	* ks_mem.c (mem_iter): follow conversion and return NULL when we
	get to the end, not ENOENT.
	
	* Makefile.am: test_chain depends on hxtool
	
	* data: test certs that lasts 10 years
	
	* data/gen-req.sh: script to generate test certs
	
	* Makefile.am: Add regression tests.

	* data: test certificate and keys

	* test_chain.in: test chain

	* hxtool.c (cms_create_sd): add KU digitalSigature as a
	requirement to the query

	* hx_locl.h: add KeyUsage query bits

	* hx509_err.et: add KeyUsage error

	* cms.c: add checks for KeyUsage

	* cert.c: more checks on KeyUsage, allow to query on them too

2005-07-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: Add missing break.
	
	* hx_locl.h,cms.c,cert.c: allow matching on SubjectKeyId

	* hxtool.c: Use _hx509_map_file, _hx509_unmap_file and
	_hx509_write_file.

	* file.c (_hx509_write_file): in case of write error, return errno

	* file.c (_hx509_write_file): add a function that write a data
	blob to disk too

	* Fix id-tags

	* Import mostly complete X.509 and CMS library. Handles, PEM, DER,
	PKCS12 encoded certicates.  Verificate RSA chains and handled
	CMS's SignedData, and EnvelopedData.