b2f9603d3f
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18254 ec53bebd-3082-4978-b11e-865c3cabbd6b
1281 lines
34 KiB
Plaintext
1281 lines
34 KiB
Plaintext
2006-10-06 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* name.c (_hx509_Name_to_string): remove dup const
|
|
|
|
2006-10-02 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* Makefile.am: Add more libs to libhx509
|
|
|
|
2006-10-01 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* ks_p11.c: Fix double free's, NULL ptr de-reference, and conform
|
|
better to pkcs11. From Douglas Engert.
|
|
|
|
* ref: remove ^M, it breaks solaris 10s cc. From Harald Barth
|
|
|
|
2006-09-19 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* test_crypto.in: Bleichenbacher bad cert from Ralf-Philipp
|
|
Weinmann and Andrew Pyshkin, pad right.
|
|
|
|
* data: starfield test root cert and Ralf-Philipp and Andreis
|
|
correctly padded bad cert
|
|
|
|
2006-09-15 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* test_crypto.in: Add test for yutaka certs.
|
|
|
|
* cert.c: Add a strict rfc3280 verification flag. rfc3280 requires
|
|
certificates to have KeyUsage.keyCertSign if they are to be used
|
|
for signing of certificates, but the step in the verifiation is
|
|
optional.
|
|
|
|
* hxtool.c: Improve printing and error reporting.
|
|
|
|
2006-09-13 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* test_crypto.in,Makefile.am,data/bleichenbacher-{bad,good}.pem:
|
|
test bleichenbacher from eay
|
|
|
|
2006-09-12 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* hxtool.c: Make common function for all getarg_strings and
|
|
hx509_certs_append commonly used.
|
|
|
|
* cms.c: HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT is a negative
|
|
flag, treat it was such.
|
|
|
|
2006-09-11 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* req.c: Use the new add_GeneralNames function.
|
|
|
|
* hx509.h: Add HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT.
|
|
|
|
* ks_p12.c: Adapt to new signature of hx509_cms_unenvelope.
|
|
|
|
* hxtool.c: Adapt to new signature of hx509_cms_unenvelope.
|
|
|
|
* cms.c: Allow passing in encryptedContent and flag. Add new flag
|
|
HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT.
|
|
|
|
2006-09-08 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* ks_p11.c: cast void * to char * when using it for %s formating
|
|
in printf.
|
|
|
|
* name.c: New function _hx509_Name_to_string.
|
|
|
|
2006-09-07 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* ks_file.c: Sprinkle error messages.
|
|
|
|
* cms.c: Sprinkle even more error messages.
|
|
|
|
* cms.c: Sprinkle some error messages.
|
|
|
|
* cms.c (find_CMSIdentifier): only free string when we allocated
|
|
one.
|
|
|
|
* ks_p11.c: Don't build most of the pkcs11 module if there are no
|
|
dlopen().
|
|
|
|
2006-09-06 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* cms.c (hx509_cms_unenvelope): try to save the error string from
|
|
find_CMSIdentifier so we have one more bit of information what
|
|
went wrong.
|
|
|
|
* hxtool.c: More pretty printing, make verify_signed return the
|
|
error string from the library.
|
|
|
|
* cms.c: Try returning what certificates failed to parse or be
|
|
found.
|
|
|
|
* ks_p11.c (p11_list_keys): fetch CKA_LABEL and use it to set the
|
|
friendlyname for the certificate.
|
|
|
|
2006-09-05 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* crypto.c: check that there are no extra bytes in the checksum
|
|
and that the parameters are NULL or the NULL-type. All to avoid
|
|
having excess data that can be used to fake the signature.
|
|
|
|
* hxtool.c: print keyusage
|
|
|
|
* print.c: add hx509_cert_keyusage_print, simplify oid printing
|
|
|
|
* cert.c: add _hx509_cert_get_keyusage
|
|
|
|
* ks_p11.c: keep one session around for the whole life of the keyset
|
|
|
|
* test_query.in: tests more selection
|
|
|
|
* hxtool.c: improve pretty printing in print and query
|
|
|
|
* hxtool{.c,-commands.in}: add selection on KU and printing to query
|
|
|
|
* test_cms.in: Add cms test for digitalSignature and
|
|
keyEncipherment certs.
|
|
|
|
* name.c (no): Add serialNumber
|
|
|
|
* ks_p11.c (p11_get_session): return better error messages
|
|
|
|
2006-09-04 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* ref: update to pkcs11 reference files 2.20
|
|
|
|
* ks_p11.c: add more mechflags
|
|
|
|
* name.c (no): add OU and sort
|
|
|
|
* revoke.c: pass context to _hx509_create_signature
|
|
|
|
* ks_p11.c (p11_printinfo): print proper plural s
|
|
|
|
* ks_p11.c: save the mechs supported when initing the token, print
|
|
them in printinfo.
|
|
|
|
* hx_locl.h: Include <parse_units.h>.
|
|
|
|
* cms.c: pass context to _hx509_create_signature
|
|
|
|
* req.c: pass context to _hx509_create_signature
|
|
|
|
* keyset.c (hx509_certs_info): print information about the keyset.
|
|
|
|
* hxtool.c (pcert_print) print keystore info when --info flag is
|
|
given.
|
|
|
|
* hxtool-commands.in: Add hxtool print --info.
|
|
|
|
* test_query.in: Test hxtool print --info.
|
|
|
|
* hx_locl.h (hx509_keyset_ops): add printinfo
|
|
|
|
* crypto.c: Start to hang the private key operations of the
|
|
private key, pass hx509_context to create_checksum.
|
|
|
|
2006-05-29 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* ks_p11.c: Iterate over all slots, not just the first/selected
|
|
one.
|
|
|
|
2006-05-27 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* cert.c: Add release function for certifiates so backend knowns
|
|
when its no longer used.
|
|
|
|
* ks_p11.c: Add reference counting on certifiates, push out
|
|
CK_SESSION_HANDLE from slot.
|
|
|
|
* cms.c: sprinkle more hx509_clear_error_string
|
|
|
|
2006-05-22 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* ks_p11.c: Sprinkle some hx509_set_error_strings
|
|
|
|
2006-05-13 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* hxtool.c: Avoid shadowing.
|
|
|
|
* revoke.c: Avoid shadowing.
|
|
|
|
* ks_file.c: Avoid shadowing.
|
|
|
|
* cert.c: Avoid shadowing.
|
|
|
|
2006-05-12 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lock.c (hx509_prompt_hidden): reshuffle to avoid gcc warning
|
|
|
|
* hx509.h: Reshuffle the prompter types, remove the hidden field.
|
|
|
|
* lock.c (hx509_prompt_hidden): return if the prompt should be
|
|
hidden or not
|
|
|
|
* revoke.c (hx509_revoke_free): allow free of NULL.
|
|
|
|
2006-05-11 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* ks_file.c (file_init): Avoid shadowing ret (and thus avoiding
|
|
crashing).
|
|
|
|
* ks_dir.c: Implement DIR: caches useing FILE: caches.
|
|
|
|
* ks_p11.c: Catch more errors.
|
|
|
|
2006-05-08 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* crypto.c (hx509_crypto_encrypt): free correctly in error
|
|
path. From Andrew Bartlett.
|
|
|
|
* crypto.c: If RAND_bytes fails, then we will attempt to
|
|
double-free crypt->key.data. From Andrew Bartlett.
|
|
|
|
2006-05-05 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* name.c: Rename u_intXX_t to uintXX_t
|
|
|
|
2006-05-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* TODO: More to do about the about the PKCS11 code.
|
|
|
|
* ks_p11.c: Use the prompter from the lock function.
|
|
|
|
* lock.c: Deal with that hx509_prompt.reply is no longer a
|
|
pointer.
|
|
|
|
* hx509.h: Make hx509_prompt.reply not a pointer.
|
|
|
|
2006-05-02 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* keyset.c: Sprinkle setting error strings.
|
|
|
|
* crypto.c: Sprinkle setting error strings.
|
|
|
|
* collector.c: Sprinkle setting error strings.
|
|
|
|
* cms.c: Sprinkle setting error strings.
|
|
|
|
2006-05-01 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* test_name.c: renamed one error code
|
|
|
|
* name.c: renamed one error code
|
|
|
|
* ks_p11.c: _hx509_set_cert_attribute changed signature
|
|
|
|
* hxtool.c (pcert_print): use hx509_err so I can test it
|
|
|
|
* error.c (hx509_set_error_stringv): clear errors on malloc
|
|
failure
|
|
|
|
* hx509_err.et: Add some more errors
|
|
|
|
* cert.c: Sprinkle setting error strings.
|
|
|
|
* cms.c: _hx509_path_append changed signature.
|
|
|
|
* revoke.c: changed signature of _hx509_check_key_usage
|
|
|
|
* keyset.c: changed signature of _hx509_query_match_cert
|
|
|
|
* hx509.h: Add support for error strings.
|
|
|
|
* cms.c: changed signature of _hx509_check_key_usage
|
|
|
|
* Makefile.am: ibhx509_la_files += error.c
|
|
|
|
* ks_file.c: Sprinkel setting error strings.
|
|
|
|
* cert.c: Sprinkel setting error strings.
|
|
|
|
* hx_locl.h: Add support for error strings.
|
|
|
|
* error.c: Add string error handling functions.
|
|
|
|
* keyset.c (hx509_certs_init): pass the right error code back
|
|
|
|
2006-04-30 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* revoke.c: Revert previous patch.
|
|
(hx509_ocsp_verify): new function that returns the expiration of
|
|
certificate in ocsp data-blob
|
|
|
|
* cert.c: Reverse previous patch, lets do it another way.
|
|
|
|
* cert.c (hx509_revoke_verify): update usage
|
|
|
|
* revoke.c: Make compile.
|
|
|
|
* revoke.c: Add the expiration time the crl/ocsp info expire
|
|
|
|
* name.c: Add hx509_name_is_null_p
|
|
|
|
* cert.c: remove _hx509_cert_private_sigature
|
|
|
|
2006-04-29 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* name.c: Expose more of Name.
|
|
|
|
* hxtool.c (main): add missing argument to printf
|
|
|
|
* data/openssl.cnf: Add EKU for the KDC certificate
|
|
|
|
* cert.c (hx509_cert_get_base_subject): reject un-canon proxy
|
|
certs, not the reverse
|
|
(add_to_list): constify and fix argument order to
|
|
copy_octet_string
|
|
(hx509_cert_find_subjectAltName_otherName): make work
|
|
|
|
2006-04-28 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* data/{pkinit,kdc}.{crt,key}: pkinit certificates
|
|
|
|
* data/gen-req.sh: Generate pkinit certificates.
|
|
|
|
* data/openssl.cnf: Add pkinit glue.
|
|
|
|
* cert.c (hx509_verify_hostname): implement stub function
|
|
|
|
2006-04-27 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* TODO: CRL delta support
|
|
|
|
2006-04-26 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* data/.cvsignore: ignore leftover from OpenSSL cert generation
|
|
|
|
* hx509_err.et: Add name malformated error
|
|
|
|
* name.c (hx509_parse_name): don't abort on error, rather return
|
|
error
|
|
|
|
* test_name.c: Test failure parsing name.
|
|
|
|
* cert.c: When verifying certificates, store subject basename for
|
|
later consumption.
|
|
|
|
* test_name.c: test to parse and print name and check that they
|
|
are the same.
|
|
|
|
* name.c (hx509_parse_name): fix length argument to printf string
|
|
|
|
* name.c (hx509_parse_name): fix length argument to stringtooid, 1
|
|
too short.
|
|
|
|
* cert.c: remove debug printf's
|
|
|
|
* name.c (hx509_parse_name): make compile pre c99
|
|
|
|
* data/gen-req.sh: OpenSSL have a serious issue of user confusion
|
|
-subj in -ca takes the arguments in LDAP order. -subj for x509
|
|
takes it in x509 order.
|
|
|
|
* cert.c (hx509_verify_path): handle the case where the where two
|
|
proxy certs in a chain.
|
|
|
|
* test_chain.in: enable two proxy certificates in a chain test
|
|
|
|
* test_chain.in: tests proxy certificates
|
|
|
|
* data: re-gen
|
|
|
|
* data/gen-req.sh: build proxy certificates
|
|
|
|
* data/openssl.cnf: add def for proxy10_cert
|
|
|
|
* hx509_err.et: Add another proxy certificate error.
|
|
|
|
* cert.c (hx509_verify_path): Need to mangle name to remove the CN
|
|
of the subject, copying issuer only works for one level but is
|
|
better then doing no checking at all.
|
|
|
|
* hxtool.c: Add verify --allow-proxy-certificate.
|
|
|
|
* hxtool-commands.in: add verify --allow-proxy-certificate
|
|
|
|
* hx509_err.et: Add proxy certificate errors.
|
|
|
|
* cert.c: Fix comment about subject name of proxy certificate.
|
|
|
|
* test_chain.in: tests for proxy certs
|
|
|
|
* data/gen-req.sh: gen proxy and non-proxy tests certificates
|
|
|
|
* data/openssl.cnf: Add definition for proxy certs
|
|
|
|
* data/*proxy-test.*: Add proxy certificates
|
|
|
|
* cert.c (hx509_verify_path): verify proxy certificate have no san
|
|
or ian
|
|
|
|
* cert.c (hx509_verify_set_proxy_certificate): Add
|
|
(*): rename policy cert to proxy cert
|
|
|
|
* cert.c: Initial support for proxy certificates.
|
|
|
|
2006-04-24 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* hxtool.c: some error checking
|
|
|
|
* name.c: Switch over to asn1 generaed oids.
|
|
|
|
* TODO: merge with old todo file
|
|
|
|
2006-04-23 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* test_query.in: make quiet
|
|
|
|
* test_req.in: SKIP test if there is no RSA support.
|
|
|
|
* hxtool.c: print dh method too
|
|
|
|
* test_chain.in: SKIP test if there is no RSA support.
|
|
|
|
* test_cms.in: SKIP test if there is no RSA support.
|
|
|
|
* test_nist.in: SKIP test if there is no RSA support.
|
|
|
|
2006-04-22 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* hxtool-commands.in: Allow passing in pool and anchor to
|
|
signedData
|
|
|
|
* hxtool.c: Allow passing in pool and anchor to signedData
|
|
|
|
* test_cms.in: Test that certs in signed data is picked up.
|
|
|
|
* hx_locl.h: Expose the path building function to internal
|
|
functions.
|
|
|
|
* cert.c: Expose the path building function to internal functions.
|
|
|
|
* hxtool-commands.in: cms-envelope: Add support for choosing the
|
|
encryption type
|
|
|
|
* hxtool.c (cms_create_enveloped): Add support for choosing the
|
|
encryption type
|
|
|
|
* test_cms.in: Test generating des-ede3 aes-128 aes-256 enveloped
|
|
data
|
|
|
|
* crypto.c: Add names to cipher types.
|
|
|
|
* cert.c (hx509_query_match_friendly_name): fix return value
|
|
|
|
* data/gen-req.sh: generate tests for enveloped data using
|
|
des-ede3 and aes256
|
|
|
|
* test_cms.in: add tests for enveloped data using des-ede3 and
|
|
aes256
|
|
|
|
* cert.c (hx509_query_match_friendly_name): New function.
|
|
|
|
2006-04-21 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* ks_p11.c: Add support for parsing slot-number.
|
|
|
|
* crypto.c (oid_private_rc2_40): simply
|
|
|
|
* crypto.c: Use oids from asn1 generator.
|
|
|
|
* ks_file.c (file_init): reset length when done with a part
|
|
|
|
* test_cms.in: check with test.combined.crt.
|
|
|
|
* data/gen-req.sh: Create test.combined.crt.
|
|
|
|
* test_cms.in: Test signed data using keyfile that is encrypted.
|
|
|
|
* ks_file.c: Remove (commented out) debug printf
|
|
|
|
* ks_file.c (parse_rsa_private_key): use EVP_get_cipherbyname
|
|
|
|
* ks_file.c (parse_rsa_private_key): make working for one
|
|
password.
|
|
|
|
* ks_file.c (parse_rsa_private_key): Implement enought for
|
|
testing.
|
|
|
|
* hx_locl.h: Add <ctype.h>
|
|
|
|
* ks_file.c: Add glue code for PEM encrypted password files.
|
|
|
|
* test_cms.in: Add commeted out password protected PEM file,
|
|
remove password for those tests that doesn't need it.
|
|
|
|
* test_cms.in: adapt test now that we can use any certificate and
|
|
trust anchor
|
|
|
|
* collector.c: handle PEM RSA PRIVATE KEY files
|
|
|
|
* cert.c: Remove unused function.
|
|
|
|
* ks_dir.c: move code here from ks_file.c now that its no longer
|
|
used.
|
|
|
|
* ks_file.c: Add support for parsing unencrypted RSA PRIVATE KEY
|
|
|
|
* crypto.c: Handle rsa private keys better.
|
|
|
|
2006-04-20 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* hxtool.c: Use hx509_cms_{,un}wrap_ContentInfo
|
|
|
|
* cms.c: Make hx509_cms_{,un}wrap_ContentInfo usable in asn1
|
|
un-aware code.
|
|
|
|
* cert.c (hx509_verify_path): if trust anchor is not self signed,
|
|
don't check sig From Douglas Engert.
|
|
|
|
* test_chain.in: test "sub-cert -> sub-ca"
|
|
|
|
* crypto.c: Use the right length for the sha256 checksums.
|
|
|
|
2006-04-15 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* crypto.c: Fix breakage from sha256 code.
|
|
|
|
* crypto.c: Add SHA256 support, and symbols for the other new
|
|
SHA-2 types.
|
|
|
|
2006-04-14 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* test_cms.in: test rc2-40 rc2-64 rc2-128 enveloped data
|
|
|
|
* data/test-enveloped-rc2-{40,64,128}: add tests cases for rc2
|
|
|
|
* cms.c: Update prototypes changes for hx509_crypto_[gs]et_params.
|
|
|
|
* crypto.c: Break out the parameter handling code for encrypting
|
|
data to handle RC2. Needed for Windows 2k pk-init support.
|
|
|
|
2006-04-04 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* Makefile.am: Split libhx509_la_SOURCES into build file and
|
|
distributed files so we can avoid building prototypes for
|
|
build-files.
|
|
|
|
2006-04-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* TODO: split certificate request into pkcs10 and CRMF
|
|
|
|
* hxtool-commands.in: Add nonce flag to ocsp-fetch
|
|
|
|
* hxtool.c: control sending nonce
|
|
|
|
* hxtool.c (request_create): store the request in a file, no in
|
|
bitbucket.
|
|
|
|
* cert.c: expose print_cert_subject internally
|
|
|
|
* hxtool.c: Add ocsp_print.
|
|
|
|
* hxtool-commands.in: New command "ocsp-print".
|
|
|
|
* hx_locl.h: Include <hex.h>.
|
|
|
|
* revoke.c (verify_ocsp): require issuer to match too.
|
|
(free_ocsp): new function
|
|
(hx509_revoke_ocsp_print): new function, print ocsp reply
|
|
|
|
* Makefile.am: build CRMF files
|
|
|
|
* data/key.der: needed for cert request test
|
|
|
|
* test_req.in: adapt to rename of pkcs10-create to request-create
|
|
|
|
* hxtool.c: adapt to rename of pkcs10-create to request-create
|
|
|
|
* hxtool-commands.in: Rename pkcs10-create to request-create
|
|
|
|
* crypto.c: (_hx509_parse_private_key): Avoid crashing on bad input.
|
|
|
|
* hxtool.c (pkcs10_create): use opt->subject_string
|
|
|
|
* hxtool-commands.in: Add pkcs10-create --subject
|
|
|
|
* Makefile.am: Add test_req to tests.
|
|
|
|
* test_req.in: Test for pkcs10 commands.
|
|
|
|
* name.c (hx509_parse_name): new function.
|
|
|
|
* hxtool.c (pkcs10_create): implement
|
|
|
|
* hxtool-commands.in (pkcs10-create): Add arguments
|
|
|
|
* crypto.c: Add _hx509_private_key2SPKI and support
|
|
functions (only support RSA for now).
|
|
|
|
2006-04-02 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* hxtool-commands.in: Add pkcs10-create command.
|
|
|
|
* hx509.h: Add hx509_request.
|
|
|
|
* TODO: more stuff
|
|
|
|
* Makefile.am: Add req.c
|
|
|
|
* req.c: Create certificate requests, prototype converts the
|
|
request in a pkcs10 packet.
|
|
|
|
* hxtool.c: Add pkcs10_create
|
|
|
|
* name.c (hx509_name_copy): new function.
|
|
|
|
2006-04-01 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* TODO: fill out what do
|
|
|
|
* hxtool-commands.in: add pkcs10-print
|
|
|
|
* hx_locl.h: Include <pkcs10_asn1.h>.
|
|
|
|
* pkcs10.asn1: PKCS#10
|
|
|
|
* hxtool.c (pkcs10_print): new function.
|
|
|
|
* test_chain.in: test ocsp keyhash
|
|
|
|
* data: generate ocsp keyhash version too
|
|
|
|
* revoke.c (load_ocsp): test that we got back a BasicReponse
|
|
|
|
* ocsp.asn1: Add asn1_id_pkix_ocsp*.
|
|
|
|
* Makefile.am: Add asn1_id_pkix_ocsp*.
|
|
|
|
* cert.c: Add HX509_QUERY_MATCH_KEY_HASH_SHA1
|
|
|
|
* hx_locl.h: Add HX509_QUERY_MATCH_KEY_HASH_SHA1
|
|
|
|
* revoke.c: Support OCSPResponderID.byKey, indent.
|
|
|
|
* revoke.c (hx509_ocsp_request): Add nonce to ocsp request.
|
|
|
|
* hxtool.c: Add nonce to ocsp request.
|
|
|
|
* test_chain.in: Added crl tests
|
|
|
|
* data/nist-data: rename missing-crl to missing-revoke
|
|
|
|
* data: make ca use openssl ca command so we can add ocsp tests,
|
|
and regen certs
|
|
|
|
* test_chain.in: Add revoked ocsp cert test
|
|
|
|
* cert.c: rename missing-crl to missing-revoke
|
|
|
|
* revoke.c: refactor code, fix a un-init-ed variable
|
|
|
|
* test_chain.in: rename missing-crl to missing-revoke add ocsp
|
|
tests
|
|
|
|
* test_cms.in: rename missing-crl to missing-revoke
|
|
|
|
* hxtool.c: rename missing-crl to missing-revoke
|
|
|
|
* hxtool-commands.in: rename missing-crl to missing-revoke
|
|
|
|
* revoke.c: Plug one memory leak.
|
|
|
|
* revoke.c: Renamed generic CRL related errors.
|
|
|
|
* hx509_err.et: Comments and renamed generic CRL related errors
|
|
|
|
* revoke.c: Add ocsp checker.
|
|
|
|
* ocsp.asn1: Add id-kp-OCSPSigning
|
|
|
|
* hxtool-commands.in: add url-path argument to ocsp-fetch
|
|
|
|
* hxtool.c: implement ocsp-fetch
|
|
|
|
* cert.c: Use HX509_DEFAULT_OCSP_TIME_DIFF.
|
|
|
|
* hx_locl.h: Add ocsp_time_diff to hx509_context
|
|
|
|
* crypto.c (_hx509_verify_signature_bitstring): new function,
|
|
commonly use when checking certificates
|
|
|
|
* cms.c (hx509_cms_envelope_1): check for internal ASN.1 encoder
|
|
error
|
|
|
|
* cert.c: Add ocsp glue, use new
|
|
_hx509_verify_signature_bitstring, add eku checking function.
|
|
|
|
2006-03-31 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* Makefile.am: add id_kp_OCSPSigning.x
|
|
|
|
* revoke.c: Pick out certs in ocsp response
|
|
|
|
* TODO: list of stuff to verify
|
|
|
|
* revoke.c: Add code to load OCSPBasicOCSPResponse files, reload
|
|
crl when its changed on disk.
|
|
|
|
* cert.c: Update for ocsp merge. handle building path w/o
|
|
subject (using subject key id)
|
|
|
|
* ks_p12.c: _hx509_map_file changed prototype.
|
|
|
|
* file.c: _hx509_map_file changed prototype, returns struct stat
|
|
if requested.
|
|
|
|
* ks_file.c: _hx509_map_file changed prototype.
|
|
|
|
* hxtool.c: Add stub for ocsp-fetch, _hx509_map_file changed
|
|
prototype, add ocsp parsing to verify command.
|
|
|
|
* hx_locl.h: rename HX509_CTX_CRL_MISSING_OK to
|
|
HX509_CTX_VERIFY_MISSING_OK now that we have OCSP glue
|
|
|
|
2006-03-30 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* hx_locl.h: Add <krb5-types.h> to make it compile on Solaris,
|
|
from Alex V. Labuta.
|
|
|
|
2006-03-28 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* crypto.c (_hx509_pbe_decrypt): try all passwords, not just the
|
|
first one.
|
|
|
|
2006-03-27 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* print.c (check_altName): Print the othername oid.
|
|
|
|
* crypto.c: Manual page claims RSA_public_decrypt will return -1
|
|
on error, lets check for that
|
|
|
|
* crypto.c (_hx509_pbe_decrypt): also try the empty password
|
|
|
|
* collector.c (match_localkeyid): no need to add back the cert to
|
|
the cert pool, its already there.
|
|
|
|
* crypto.c: Add REQUIRE_SIGNER
|
|
|
|
* cert.c (hx509_cert_free): ok to free NULL
|
|
|
|
* hx509_err.et: Add new error code SIGNATURE_WITHOUT_SIGNER.
|
|
|
|
* name.c (_hx509_name_ds_cmp): make DirectoryString case
|
|
insenstive
|
|
(hx509_name_to_string): less spacing
|
|
|
|
* cms.c: Check for signature error, check consitency of error
|
|
|
|
2006-03-26 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* collector.c (_hx509_collector_alloc): handle errors
|
|
|
|
* cert.c (hx509_query_alloc): allocate slight more more then a
|
|
sizeof(pointer)
|
|
|
|
* crypto.c (_hx509_private_key_assign_key_file): ask for password
|
|
if nothing matches.
|
|
|
|
* cert.c: Expose more of the hx509_query interface.
|
|
|
|
* collector.c: hx509_certs_find is now exposed.
|
|
|
|
* cms.c: hx509_certs_find is now exposed.
|
|
|
|
* revoke.c: hx509_certs_find is now exposed.
|
|
|
|
* keyset.c (hx509_certs_free): allow free-ing NULL
|
|
(hx509_certs_find): expose
|
|
(hx509_get_one_cert): new function
|
|
|
|
* hxtool.c: hx509_certs_find is now exposed.
|
|
|
|
* hx_locl.h: Remove hx509_query, its exposed now.
|
|
|
|
* hx509.h: Add hx509_query.
|
|
|
|
2006-02-22 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* cert.c: Add exceptions for null (empty) subjectNames
|
|
|
|
* data/nist-data: Add some more name constraints tests.
|
|
|
|
* data/nist-data: Add some of the test from 4.13 Name Constraints.
|
|
|
|
* cert.c: Name constraits needs to be evaluated in block as they
|
|
appear in the certificates, they can not be joined to one
|
|
list. One example of this is:
|
|
|
|
- cert is cn=foo,dc=bar,dc=baz
|
|
- subca is dc=foo,dc=baz with name restriction dc=kaka,dc=baz
|
|
- ca is dc=baz with name restriction dc=baz
|
|
|
|
If the name restrictions are merged to a list, the certificate
|
|
will pass this test.
|
|
|
|
2006-02-14 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* cert.c: Handle more name constraints cases.
|
|
|
|
* crypto.c (dsa_verify_signature): if test if malloc failed
|
|
|
|
2006-01-31 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* cms.c: Drop partial pkcs12 string2key implementation.
|
|
|
|
2006-01-20 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* data/nist-data: Add commited out DSA tests (they fail).
|
|
|
|
* data/nist-data: Add 4.2 Validity Periods.
|
|
|
|
* test_nist.in: Make less verbose to use.
|
|
|
|
* Makefile.am: Add test_nist_cert.
|
|
|
|
* data/nist-data: Add some more CRL-tests.
|
|
|
|
* test_nist.in: Print $id instead of . when running the tests.
|
|
|
|
* test_nist.in: Drop verifying certifiates, its done in another
|
|
test now.
|
|
|
|
* data/nist-data: fixup kill-rectangle leftovers
|
|
|
|
* data/nist-data: Drop verifying certifiates, its done in another
|
|
test now. Add more crl tests. comment out all unused tests.
|
|
|
|
* test_nist_cert.in: test parse all nist certs
|
|
|
|
2006-01-19 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* hx509_err.et: Add HX509_CRL_UNKNOWN_EXTENSION.
|
|
|
|
* revoke.c: Check for unknown extentions in CRLs and CRLEntries.
|
|
|
|
* test_nist.in: Parse new format to handle CRL info.
|
|
|
|
* test_chain.in: Add --missing-crl.
|
|
|
|
* name.c (hx509_unparse_der_name): Rename from hx509_parse_name.
|
|
(_hx509_unparse_Name): Add.
|
|
|
|
* hxtool-commands.in: Add --missing-crl to verify commands.
|
|
|
|
* hx509_err.et: Add CRL errors.
|
|
|
|
* cert.c (hx509_context_set_missing_crl): new function Add CRL
|
|
handling.
|
|
|
|
* hx_locl.h: Add HX509_CTX_CRL_MISSING_OK.
|
|
|
|
* revoke.c: Parse and verify CRLs (simplistic).
|
|
|
|
* hxtool.c: Parse CRL info.
|
|
|
|
* data/nist-data: Change format so we can deal with CRLs, also
|
|
note the test-id from PKITS.
|
|
|
|
* data: regenerate test
|
|
|
|
* data/gen-req.sh: use static-file to generate tests
|
|
|
|
* data/static-file: new file to use for commited tests
|
|
|
|
* test_cms.in: Use static file, add --missing-crl.
|
|
|
|
2006-01-18 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* print.c: Its cRLReason, not cRLReasons.
|
|
|
|
* hxtool.c: Attach revoke context to verify context.
|
|
|
|
* data/nist-data: change syntax to make match better with crl
|
|
checks
|
|
|
|
* cert.c: Verify no certificates has been revoked with the new
|
|
revoke interface.
|
|
|
|
* Makefile.am: libhx509_la_SOURCES += revoke.c
|
|
|
|
* revoke.c: Add framework for handling CRLs.
|
|
|
|
* hx509.h: Add hx509_revoke_ctx.
|
|
|
|
2006-01-13 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* delete crypto_headers.h, use global file instead.
|
|
|
|
* crypto.c (PBE_string2key): libdes now supports PKCS12_key_gen
|
|
|
|
2006-01-12 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* crypto_headers.h: Need BN_is_negative too.
|
|
|
|
2006-01-11 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* ks_p11.c (p11_rsa_public_decrypt): since is wrong, don't provide
|
|
it. PKCS11 can't do public_decrypt, it support verify though. All
|
|
this doesn't matter, since the code never go though this path.
|
|
|
|
* crypto_headers.h: Provide glue to compile with less warnings
|
|
with OpenSSL
|
|
|
|
2006-01-08 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* Makefile.am: Depend on LIB_des
|
|
|
|
* lock.c: Use "crypto_headers.h".
|
|
|
|
* crypto_headers.h: Include the two diffrent implementation of
|
|
crypto headers.
|
|
|
|
* cert.c: Use "crypto-headers.h". Load ENGINE configuration.
|
|
|
|
* crypto.c: Make compile with both OpenSSL and heimdal libdes.
|
|
|
|
* ks_p11.c: Add code for public key decryption (not supported yet)
|
|
and use "crypto-headers.h".
|
|
|
|
|
|
2006-01-04 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* add a hx509_context where we can store configuration
|
|
|
|
* p11.c,Makefile.am: pkcs11 is now supported by library, remove
|
|
old files.
|
|
|
|
* ks_p11.c: more paranoid on refcount, set refcounter ealier,
|
|
reset pointers after free
|
|
|
|
* collector.c (struct private_key): remove temporary key data
|
|
storage, convert directly to a key
|
|
(match_localkeyid): match certificate and key using localkeyid
|
|
(match_keys): match certificate and key using _hx509_match_keys
|
|
(_hx509_collector_collect): rewrite to use match_keys and
|
|
match_localkeyid
|
|
|
|
* crypto.c (_hx509_match_keys): function that determins if a
|
|
private key matches a certificate, used when there is no
|
|
localkeyid.
|
|
(*) reset free pointer
|
|
|
|
* ks_file.c: Rewrite to use collector and mapping support
|
|
function.
|
|
|
|
* ks_p11.c (rsa_pkcs1_method): constify
|
|
|
|
* ks_p11.c: drop extra wrapping of p11_init
|
|
|
|
* crypto.c (_hx509_private_key_assign_key_file): use function to
|
|
extact rsa key
|
|
|
|
* cert.c: Revert previous, refcounter is unsigned, so it can never
|
|
be negative.
|
|
|
|
* cert.c (hx509_cert_ref): more refcount paranoia
|
|
|
|
* ks_p11.c: Implement rsa_private_decrypt and add stubs for public
|
|
ditto.
|
|
|
|
* ks_p11.c: Less printf, less memory leaks.
|
|
|
|
* ks_p11.c: Implement signing using pkcs11.
|
|
|
|
* ks_p11.c: Partly assign private key, enough to complete
|
|
collection, but not any crypto functionallity.
|
|
|
|
* collector.c: Use hx509_private_key to assign private keys.
|
|
|
|
* crypto.c: Remove most of the EVP_PKEY code, and use RSA
|
|
directly, this temporary removes DSA support.
|
|
|
|
* hxtool.c (print_f): print if there is a friendly name and if
|
|
there is a private key
|
|
|
|
2006-01-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* name.c: Avoid warning from missing __attribute__((noreturn))
|
|
|
|
* lock.c (_hx509_lock_unlock_certs): return unlock certificates
|
|
|
|
* crypto.c (_hx509_private_key_assign_ptr): new function, exposes
|
|
EVP_PKEY
|
|
(_hx509_private_key_assign_key_file): remember to free private key
|
|
if there is one.
|
|
|
|
* cert.c (_hx509_abort): add newline to output and flush stdout
|
|
|
|
* Makefile.am: libhx509_la_SOURCES += collector.c
|
|
|
|
* hx_locl.h: forward type declaration of struct hx509_collector.
|
|
|
|
* collector.c: Support functions to collect certificates and
|
|
private keys and then match them.
|
|
|
|
* ks_p12.c: Use the new hx509_collector support functions.
|
|
|
|
* ks_p11.c: Add enough glue to support certificate iteration.
|
|
|
|
* test_nist_pkcs12.in: Less verbose.
|
|
|
|
* cert.c (hx509_cert_free): if there is a private key assosited
|
|
with this cert, free it
|
|
|
|
* print.c: Use _hx509_abort.
|
|
|
|
* ks_p12.c: Use _hx509_abort.
|
|
|
|
* hxtool.c: Use _hx509_abort.
|
|
|
|
* crypto.c: Use _hx509_abort.
|
|
|
|
* cms.c: Use _hx509_abort.
|
|
|
|
* cert.c: Use _hx509_abort.
|
|
|
|
* name.c: use _hx509_abort
|
|
|
|
2006-01-02 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* name.c (hx509_name_to_string): don't cut bmpString in half.
|
|
|
|
* name.c (hx509_name_to_string): don't overwrite with 1 byte with
|
|
bmpString.
|
|
|
|
* ks_file.c (parse_certificate): avoid stomping before array
|
|
|
|
* name.c (oidtostring): avoid leaking memory
|
|
|
|
* keyset.c: Add _hx509_ks_dir_register.
|
|
|
|
* Makefile.am (libhx509_la_SOURCES): += ks_dir.c
|
|
|
|
* hxtool-commands.in: Remove pkcs11.
|
|
|
|
* hxtool.c: Remove pcert_pkcs11.
|
|
|
|
* ks_file.c: Factor out certificate parsing code.
|
|
|
|
* ks_dir.c: Add new keystore that treats all files in a directory
|
|
a keystore, useful for regression tests.
|
|
|
|
2005-12-12 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* test_nist_pkcs12.in: Test parse PKCS12 files from NIST.
|
|
|
|
* data/nist-data: Can handle DSA certificate.
|
|
|
|
* hxtool.c: Print error code on failure.
|
|
|
|
2005-10-29 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* crypto.c: Support DSA signature operations.
|
|
|
|
2005-10-04 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* print.c: Validate that issuerAltName and subjectAltName isn't
|
|
empty.
|
|
|
|
2005-09-14 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* p11.c: Cast to unsigned char to avoid warning.
|
|
|
|
* keyset.c: Register pkcs11 module.
|
|
|
|
* Makefile.am: Add ks_p11.c, install hxtool.
|
|
|
|
* ks_p11.c: Starting point of a pkcs11 module.
|
|
|
|
2005-09-04 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lock.c: Implement prompter.
|
|
|
|
* hxtool-commands.in: add --content to print
|
|
|
|
* hxtool.c: Split verify and print.
|
|
|
|
* cms.c: _hx509_pbe_decrypt now takes a hx509_lock.
|
|
|
|
* crypto.c: Make _hx509_pbe_decrypt take a hx509_lock, workaround
|
|
for empty password.
|
|
|
|
* name.c: Add DC, handle all Directory strings, fix signless
|
|
problems.
|
|
|
|
2005-09-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* test_query.in: Pass in --pass to all commands.
|
|
|
|
* hxtool.c: Use option --pass.
|
|
|
|
* hxtool-commands.in: Add --pass to all commands.
|
|
|
|
* hx509_err.et: add UNKNOWN_LOCK_COMMAND and CRYPTO_NO_PROMPTER
|
|
|
|
* test_cms.in: pass in password to cms-create-sd
|
|
|
|
* crypto.c: Abstract out PBE_string2key so I can add PBE2 s2k
|
|
later. Avoid signess warnings with OpenSSL.
|
|
|
|
* cms.c: Use void * instead of char * for to avoid signedness
|
|
issues
|
|
|
|
* cert.c (hx509_cert_get_attribute): remove const, its not
|
|
|
|
* ks_p12.c: Cast size_t to unsigned long when print.
|
|
|
|
* name.c: Fix signedness warning.
|
|
|
|
* test_query.in: Use echo, the function check isn't defined here.
|
|
|
|
2005-08-11 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* hxtool-commands.in: Add more options that was missing.
|
|
|
|
2005-07-28 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* test_cms.in: Use --certificate= for enveloped/unenvelope.
|
|
|
|
* hxtool.c: Use --certificate= for enveloped/unenvelope. Clean
|
|
up.
|
|
|
|
* test_cms.in: add EnvelopeData tests
|
|
|
|
* hxtool.c: use id-envelopedData for ContentInfo
|
|
|
|
* hxtool-commands.in: add contentinfo wrapping for create/unwrap
|
|
enveloped data
|
|
|
|
* hxtool.c: add contentinfo wrapping for create/unwrap enveloped
|
|
data
|
|
|
|
* data/gen-req.sh: add enveloped data (aes128)
|
|
|
|
* crypto.c: add "new" RC2 oid
|
|
|
|
2005-07-27 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* hx_locl.h, cert.c: Add HX509_QUERY_MATCH_FUNCTION that allows
|
|
caller to match by function, note that this doesn't not work
|
|
directly for backends that implements ->query, they must do their
|
|
own processing. (I'm running out of flags, only 12 left now)
|
|
|
|
* test_cms.in: verify ContentInfo wrapping code in hxtool
|
|
|
|
* hxtool-commands.in (cms_create_sd): support wrapping in content
|
|
info spelling
|
|
|
|
* hxtool.c (cms_create_sd): support wrapping in content info
|
|
|
|
* test_cms.in: test more cms signeddata messages
|
|
|
|
* data/gen-req.sh: generate SignedData
|
|
|
|
* hxtool.c (cms_create_sd): support certificate store, add support
|
|
to unwrap a ContentInfo the SignedData inside.
|
|
|
|
* crypto.c: sprinkel rk_UNCONST
|
|
|
|
* crypto.c: add DER NULL to the digest oid's
|
|
|
|
* hxtool-commands.in: add --content-info to cms-verify-sd
|
|
|
|
* cms.c (hx509_cms_create_signed_1): pass in a full
|
|
AlgorithmIdentifier instead of heim_oid for digest_alg
|
|
|
|
* crypto.c: make digest_alg a digest_oid, it's not needed right
|
|
now
|
|
|
|
* hx509_err.et: add CERT_NOT_FOUND
|
|
|
|
* keyset.c (_hx509_certs_find): add error code for cert not
|
|
found
|
|
|
|
* cms.c (hx509_cms_verify_signed): add external store of
|
|
certificates, use the right digest algorithm identifier.
|
|
|
|
* cert.c: fix const warning
|
|
|
|
* ks_p12.c: slightly less verbose
|
|
|
|
* cert.c: add hx509_cert_find_subjectAltName_otherName, add
|
|
HX509_QUERY_MATCH_FRIENDLY_NAME
|
|
|
|
* hx509.h: add hx509_octet_string_list, remove bad comment
|
|
|
|
* hx_locl.h: add HX509_QUERY_MATCH_FRIENDLY_NAME
|
|
|
|
* keyset.c (hx509_certs_append): needs a hx509_lock, add one
|
|
|
|
* Makefile.am: add test cases tempfiles to CLEANFILES
|
|
|
|
* Makefile.am: add test_query to TESTS, fix dependency on hxtool
|
|
sources on hxtool-commands.h
|
|
|
|
* hxtool-commands.in: explain what signer is for create-sd
|
|
|
|
* hxtool.c: add query, add more options to verify-sd and create-sd
|
|
|
|
* test_cms.in: add more cms tests
|
|
|
|
* hxtool-commands.in: add query, add more options to verify-sd
|
|
|
|
* test_query.in: test query interface
|
|
|
|
* data: fix filenames for ds/ke files, add pkcs12 files, regen
|
|
|
|
* hxtool.c,Makefile.am,hxtool-commands.in: switch to slc
|
|
|
|
2005-07-26 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* cert.c (hx509_verify_destroy_ctx): add
|
|
|
|
* hxtool.c: free hx509_verify_ctx
|
|
|
|
* name.c (_hx509_name_ds_cmp): make sure all strings are not equal
|
|
|
|
2005-07-25 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* hxtool.c: return error
|
|
|
|
* keyset.c: return errors from iterations
|
|
|
|
* test_chain.in: clean up checks
|
|
|
|
* ks_file.c (parse_certificate): return errno's not 1 in case of
|
|
error
|
|
|
|
* ks_file.c (file_iter): make sure endpointer is NULL
|
|
|
|
* ks_mem.c (mem_iter): follow conversion and return NULL when we
|
|
get to the end, not ENOENT.
|
|
|
|
* Makefile.am: test_chain depends on hxtool
|
|
|
|
* data: test certs that lasts 10 years
|
|
|
|
* data/gen-req.sh: script to generate test certs
|
|
|
|
* Makefile.am: Add regression tests.
|
|
|
|
* data: test certificate and keys
|
|
|
|
* test_chain.in: test chain
|
|
|
|
* hxtool.c (cms_create_sd): add KU digitalSigature as a
|
|
requirement to the query
|
|
|
|
* hx_locl.h: add KeyUsage query bits
|
|
|
|
* hx509_err.et: add KeyUsage error
|
|
|
|
* cms.c: add checks for KeyUsage
|
|
|
|
* cert.c: more checks on KeyUsage, allow to query on them too
|
|
|
|
2005-07-24 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* cms.c: Add missing break.
|
|
|
|
* hx_locl.h,cms.c,cert.c: allow matching on SubjectKeyId
|
|
|
|
* hxtool.c: Use _hx509_map_file, _hx509_unmap_file and
|
|
_hx509_write_file.
|
|
|
|
* file.c (_hx509_write_file): in case of write error, return errno
|
|
|
|
* file.c (_hx509_write_file): add a function that write a data
|
|
blob to disk too
|
|
|
|
* Fix id-tags
|
|
|
|
* Import mostly complete X.509 and CMS library. Handles, PEM, DER,
|
|
PKCS12 encoded certicates. Verificate RSA chains and handled
|
|
CMS's SignedData, and EnvelopedData.
|
|
|
|
|