heimdal/hx509 at 76d6ee4abcef874ad13ec4e077b674fc726b45cb - heimdal - PVV Git

oysteikt/heimdal

Files

History

Nicolas Williams 15b2094079 hx509: Add Heimdal cert ext for ticket max_life

This adds support for using a Heimdal-specific PKIX extension to derive
a maximum Kerberos ticket lifetime from a client's PKINIT certificate:

 - a `--pkinit-max-life` to the `hxtool ca` command
 - `hx509_ca_tbs_set_pkinit_max_life()`
 - `hx509_cert_get_pkinit_max_life()`
 - `HX509_CA_TEMPLATE_PKINIT_MAX_LIFE`

There are two extensions.  One is an EKU, which if present means that
the maximum ticket lifetime should be derived from the notAfter minus
notBefore.  The other is a certificate extension whose value is a
maximum ticket lifetime in seconds.  The latter is preferred.

2021-03-24 19:12:00 -05:00

..

hx509: Add TCG EK and DevID certs to test with

2021-01-15 13:21:18 -06:00

hx509: update to newer PKCS#11 header

2015-12-09 10:59:08 +11:00

ca.c

hx509: Add Heimdal cert ext for ticket max_life

2021-03-24 19:12:00 -05:00

cert.c

hx509: Add Heimdal cert ext for ticket max_life

2021-03-24 19:12:00 -05:00

ChangeLog

switch to utf8 encoding of all files

2008-09-13 08:53:55 +00:00

char_map.h

remove trailing whitespace

2011-05-21 11:57:31 -07:00

cms.c

asn1: X.681/682/683 magic handling of open types

2021-02-28 18:13:08 -06:00

collector.c

lib/hx509: declare and apply HX509_LIB_xxx macros

2019-01-02 10:23:39 -06:00

crypto-ec.c

lib/hx509: declare and apply HX509_LIB_xxx macros

2019-01-02 10:23:39 -06:00

crypto.c

hx509: Add PKCS#8 private key format option

2019-10-03 13:09:18 -05:00

doxygen.c

Fix some typos.

2014-04-25 02:42:17 +02:00

env.c

lib/hx509: declare and apply HX509_LIB_xxx macros

2019-01-02 10:23:39 -06:00

error.c

hx509: Add hx509_enomem()

2020-09-07 22:04:59 -05:00

file.c

Fix switch fallthrough warnings/errors

2020-09-07 22:04:59 -05:00

hx509_err.et

hx509: keep track of authorized CSR features

2019-12-04 21:34:37 -06:00

hx509.h

hx509: Add Heimdal cert ext for ticket max_life

2021-03-24 19:12:00 -05:00

hx_locl.h

asn1: X.681/682/683 magic handling of open types

2021-02-28 18:13:08 -06:00

hxtool-commands.in

hx509: Add Heimdal cert ext for ticket max_life

2021-03-24 19:12:00 -05:00

hxtool-version.rc

Windows: Version information for binaries

2010-08-20 13:06:54 -04:00

hxtool.c

hx509: Add Heimdal cert ext for ticket max_life

2021-03-24 19:12:00 -05:00

keyset.c

hx509: Make hxtool default store type to FILE

2021-03-24 11:03:14 -05:00

ks_dir.c

hx509: add hx509_certs_destroy()

2019-10-03 13:09:18 -05:00

ks_file.c

Fix warnings (some bugs, some spurious)

2020-03-12 21:02:09 -05:00

ks_keychain.c

hx509: private key exclusion options

2019-12-09 18:10:10 -06:00

ks_mem.c

hx509: add hx509_certs_destroy()

2019-10-03 13:09:18 -05:00

ks_null.c

hx509: add hx509_certs_destroy()

2019-10-03 13:09:18 -05:00

ks_p11.c

hx509: private key exclusion options

2019-12-09 18:10:10 -06:00

ks_p12.c

hx509: private key exclusion options

2019-12-09 18:10:10 -06:00

libhx509-exports.def

hx509: Add Heimdal cert ext for ticket max_life

2021-03-24 19:12:00 -05:00

lock.c

lib/hx509: declare and apply HX509_LIB_xxx macros

2019-01-02 10:23:39 -06:00

Makefile.am

hx509: Fix hxtool building w/o ASN.1 templating

2021-03-10 21:21:26 -06:00

name.c

asn1: X.681/682/683 magic handling of open types

2021-02-28 18:13:08 -06:00

NTMakefile

Move ASN.1 modules from lib/hx509 to lib/asn1

2019-10-07 21:32:00 -05:00

peer.c

lib/hx509: declare and apply HX509_LIB_xxx macros

2019-01-02 10:23:39 -06:00

print.c

hx509: Fix rfc2459.asn1 compilation w/o templates

2021-03-10 21:21:26 -06:00

quote.py

make printablestring and ia5string octetstrings

2010-08-08 15:51:33 -07:00

req.c

hx509: Make hxtool default store type to FILE

2021-03-24 11:03:14 -05:00

revoke.c

WIN32: fix calling conventions for 32-bit builds

2019-01-14 06:12:36 -05:00

sel-gram.y

Fix Appveyor build: lib/hx509

2017-05-26 23:24:30 -04:00

sel-lex.l

Fix Appveyor build: lib/hx509

2017-05-26 23:24:30 -04:00

sel.c

hx509: Show query expression parse errors

2019-11-19 23:00:41 -06:00

sel.h

Add rationale comments for conditional yyparse redefinition

2017-03-15 19:15:57 -04:00

softp11.c

WIN32: fix calling conventions for 32-bit builds

2019-01-14 06:12:36 -05:00

test_ca.in

hx509: Add DNSSRV and TCG SAN types and DN attrs

2021-01-15 13:21:18 -06:00

test_cert.in

send output to /dev/null

2011-10-31 21:27:51 -07:00

test_chain.in

Use P-256 for EC tests

2014-03-12 21:18:03 -04:00

test_cms.in

Use P-256 for EC tests

2014-03-12 21:18:03 -04:00

test_crypto.in

Make sure that we can parse EC private keys

2009-05-25 23:42:31 +00:00

test_expr.c

remove trailing whitespace

2011-05-21 11:57:31 -07:00

test_java_pkcs11.in

switch to utf8 encoding of all files

2008-09-13 08:53:55 +00:00

test_name.c

hx509: Revamp name handling ahead of new SAN types

2021-01-15 13:21:18 -06:00

test_nist2.in

move time backward

2011-05-07 17:22:24 -07:00

test_nist_cert.in

switch to utf8 encoding of all files

2008-09-13 08:53:55 +00:00

test_nist_pkcs12.in

switch to utf8 encoding of all files

2008-09-13 08:53:55 +00:00

test_nist.in

hx509: Let test_nist keep going on failure

2021-02-22 00:21:45 -06:00

test_pkcs11.in

switch to utf8 encoding of all files

2008-09-13 08:53:55 +00:00

test_query.in

allow testing on sha1 hash in cert queries

2008-11-23 22:05:26 +00:00

test_req.in

hx509: Better handle OpenSSL diffs in test_req

2019-12-20 16:14:00 -06:00

test_soft_pkcs11.c

hx509: explicitly include ref/pkcs11.h

2015-12-09 11:03:48 +11:00

test_windows.in

switch to utf8 encoding of all files

2008-09-13 08:53:55 +00:00

TODO

drop $Id$

2009-09-21 19:15:00 -07:00

tst-crypto-available1

Add a PKCS11 provider supporting signing and verifing sigatures.

2008-01-14 20:53:56 +00:00

tst-crypto-available2

SHA384

2010-09-30 18:36:58 -07:00

tst-crypto-available3

Add a PKCS11 provider supporting signing and verifing sigatures.

2008-01-14 20:53:56 +00:00

tst-crypto-select

test crypto-select and crypto-available

2006-11-27 12:09:38 +00:00

tst-crypto-select1

switch to sha256

2009-03-26 23:12:02 +00:00

tst-crypto-select2

switch to sha256

2009-03-26 23:11:48 +00:00

tst-crypto-select3

test crypto-select and crypto-available

2006-11-27 12:09:38 +00:00

tst-crypto-select4

test crypto-select and crypto-available

2006-11-27 12:09:38 +00:00

tst-crypto-select5

test crypto-select and crypto-available

2006-11-27 12:09:38 +00:00

tst-crypto-select6

test crypto-select and crypto-available

2006-11-27 12:09:38 +00:00

tst-crypto-select7

check for aes256-cbc

2007-05-30 23:19:01 +00:00

version-script.map

hx509: Add Heimdal cert ext for ticket max_life

2021-03-24 19:12:00 -05:00