ChangeLog revision 178825
2008-01-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_soft_pkcs11.c: use func for more C_ functions.

2008-01-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* version-script.map: Export hx509_free_error_string().

2008-01-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* version-script.map: only export C_GetFunctionList

	* test_soft_pkcs11.c: use C_GetFunctionList

	* softp11.c: fix comment, remove label.

	* softp11.c: Add option app-fatal to control if softtoken should
	abort() on erroneous input from applications.

2008-01-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_pkcs11.in: Test password less certificates too

	* keyset.c: document HX509_CERTS_UNPROTECT_ALL

	* ks_file.c: Support HX509_CERTS_UNPROTECT_ALL.

	* hx509.h: Add HX509_CERTS_UNPROTECT_ALL.

	* test_soft_pkcs11.c: Only log in if needed.

2008-01-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* softp11.c: Support PINs to login to the store.

	* Makefile.am: add java pkcs11 test

	* test_java_pkcs11.in: first version of disable java test

	* softp11.c: Drop unused stuff.

	* cert.c: Spelling, Add hx509_cert_get_SPKI_AlgorithmIdentifier,
	remove unused stuff, add hx509_context to some functions.

	* softp11.c: Add more glue to figure out what keytype this
	certificate is using.

2008-01-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_pkcs11.in: test debug

	* Add a PKCS11 provider supporting signing and verifying signatures.

2008-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* version-script.map: Replace hx509_name_to_der_name with
	hx509_name_binary.

	* print.c: make print_func static

2007-12-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c: doxygen

	* env.c: doxygen

	* doxygen.c: add more groups

	* ca.c: doxygen.

2007-12-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* ca.c: doxygen

2007-12-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* error.c: doxygen

2007-12-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* More documentation

	* lock.c: Add page reference

	* keyset.c: some more documentation.

	* cms.c: Doxygen documentation.

2007-12-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* *.[ch]: More documentation

2007-12-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* handle refcount on NULL.

	* test_nist_pkcs12.in: drop echo -n, doesn't work with posix sh

2007-12-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_nist2.in: Print that this is version 2 of the tests

	* test_nist.in: Drop printing of $id.

	* hx509.h: Add HX509_VHN_F_ALLOW_NO_MATCH.

	* name.c: spelling.

	* cert.c: make work the doxygen.

	* name.c: fix doxygen compiling.

	* Makefile.am: add doxygen.c

	* doxygen.c: Add doxygen main page.

	* cert.c: Add doxygen.

	* revoke.c (_hx509_revoke_ref): new function.

2007-11-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_keychain.c: Check if SecKeyGetCSPHandle needs prototype.

2007-08-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* data/nist-data: Make work on case sensitive filesystems too.

2007-08-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c: match rfc822 constraints better, provide better error
	strings.

2007-08-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c: "self-signed doesn't count" doesn't apply to trust
	anchor certificate. make trust anchor check consistent.

	* revoke.c: make compile.

	* revoke.c (verify_crl): set error strings.

	* revoke.c (verify_crl): handle with the signer is the
	CRLsigner (shortcut).

	* cert.c: Fix NC, comment on how to use _hx509_check_key_usage.

2007-08-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_nist2.in, Makefile, test/nist*: Add nist pkits tests.

	* revoke.c: Update to use CERT_REVOKED error, shortcut out of OCSP
	checking when OCSP reply is a revocation reply.

	* hx509_err.et: Make CERT_REVOKED error OCSP/CRL agnostic.

	* name.c (_hx509_Name_to_string): make printableString handle
	space (0x20) differences as required by rfc3280.

	* revoke.c: Search for the right issuer when looking for the
	issuer of the CRL signer.

2007-08-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* revoke.c: Handle CRL signing certificate better, try to not
	revalidate invalid CRLs over and over.

2007-08-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: remove stale comment.

	* test_nist.in: Unpack PKITS_data.zip and run tests.

	* test_nist_cert.in: Adapt to new nist pkits framework.

	* test_nist_pkcs12.in: Adapt to new nist pkits framework.

	* Makefile.am: clean PKITS_data

2007-07-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Add version-script.map to EXTRA_DIST

2007-07-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Add dependency on asn1_compile for asn1 built files.

2007-07-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* peer.c: update (c), indent.

	* Makefile.am: New library version.

2007-06-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: Add sha2 types.

	* ref/pkcs11.h: Sync with scute.

	* ref/pkcs11.h: Add sha2 CKM's.

	* print.c: Print authorityInfoAccess.

	* cert.c: Rename proxyCertInfo oid.

	* ca.c: Rename proxyCertInfo oid.

	* print.c: Rename proxyCertInfo oid.

2007-06-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_ca.in: Adapt to new request handling.

	* req.c: Allow export some of the request parameters.

	* hxtool-commands.in: Adapt to new request handling.

	* hxtool.c: Adapt to new request handling.

	* test_req.in: Adapt to new request handling.

	* version-script.map: Add initialize_hx_error_table_r.

	* req.c: Move _hx509_request_print here.

	* hxtool.c: use _hx509_request_print

	* version-script.map: Export more crap^W semiprivate functions.

	* hxtool.c: don't _hx509_abort

	* version-script.map: add missing ;

2007-06-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: Use hx509_crypto_random_iv.

	* crypto.c: Split out the iv creation from hx509_crypto_encrypt
	since _hx509_pbe_encrypt needs to use the iv from the s2k
	function.

	* test_cert.in: Test PEM and DER FILE writing functionality.

	* ks_file.c: Add writing DER certificates.

	* hxtool.c: Update to new hx509_pem_write().

	* test_cms.in: test creation of PEM signeddata.

	* hx509.h: PEM struct/function declarations.

	* ks_file.c: Use PEM encoding/decoding functions.

	* file.c: PEM encode/decoding functions.

	* ks_file.c: Use hx509_pem_write.

	* version-script.map: Export some semi-private functions.

	* hxtool.c: Enable writing out signed data as a pem attachment.

	* hxtool-commands.in (cms-create-signed): add --pem

	* file.c (hx509_pem_write): Add.

	* test_ca.in: Issue and test null subject cert.

	* cert.c: Match is first component is in a CN=.

	* test_ca.in: Test hostname if first CN.

	* Makefile.am: Add version script.

	* version-script.map: Limited exported symbols.

	* test_ca.in: test --hostname.

	* test_chain.in: test max-depth

	* hx509.h: fixate HX509_HN_HOSTNAME at 0.

	* hxtool-commands.in: add --hostname add --max-depth

	* cert.c: Verify hostname and max-depth.

	* hxtool.c: Verify hostname and test max-depth.

2007-06-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_cms.in: Test --id-by-name.

	* hxtool-commands.in: add cms-create-sd --id-by-name

	* hxtool.c: Use HX509_CMS_SIGATURE_ID_NAME.

	* cms.c: Implement and use HX509_CMS_SIGATURE_ID_NAME.

	* hx509.h: Add HX509_CMS_SIGATURE_ID_NAME, use subject name for
	CMS.Identifier. hx509_hostname_type: add hostname type for
	matching.

	* cert.c (match_general_name): more strict rfc822Name matching.
	(hx509_verify_hostname): add hostname type for matching.

2007-06-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Make compile again.

	* hxtool.c: Added peap-server for to make windows peap clients
	happy.

	* hxtool.c: Unify parse_oid code.

	* hxtool.c: Implement --content-type.

	* hxtool-commands.in: Add content-type.

	* test_cert.in: more cert and keyset tests.

2007-06-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* revoke.c: Avoid stomping on NULL.

	* revoke.c: Avoid reusing i.

	* cert.c: Provide __attribute__ for _hx509_abort.

	* ks_file.c: Fail if not finding iv.

	* keyset.c: Avoid using freed memory.

	* crypto.c: Free memory in failure case.

	* crypto.c: Free memory in failure case.

2007-06-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* *.c: Add hx509_cert_init_data and use everywhere

	* hx_locl.h: Now that KEYCHAIN:system-anchors is fast again, use
	that.

	* ks_keychain.c: Implement trust anchor support with
	SecTrustCopyAnchorCertificates.

	* keyset.c: Set ref to 1 for the new object.

	* cert.c: Fix logic for allow_default_trust_anchors

	* keyset.c: Add refcounting to keystores.

	* cert.c: Change logic for default trust anchors, make it be
	either default trust anchor, the user supplied, or none at all.

2007-06-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Add data/j.pem.

	* Makefile.am: Add test_windows.in.

2007-06-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_keychain.c: rename functions, leaks less memory and more
	paranoia.

	* test_cms.in: Test cms peer-alg.

	* crypto.c (rsa_create_signature): make oid_id_pkcs1_rsaEncryption
	mean rsa-with-sha1 but oid oid_id_pkcs1_rsaEncryption in algorithm
	field. XXX should probably use another algorithmIdentifier for
	this.

	* peer.c: Make free function return void.

	* cms.c (hx509_cms_create_signed_1): Use hx509_peer_info to select
	the signature algorithm too.

	* hxtool-commands.in: Add cms-create-sd --peer-alg.

	* req.c: Use _hx509_crypto_default_sig_alg.

	* test_windows.in: Create crl, because everyone needs one.

	* Makefile.am: add wcrl.crl

2007-06-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* hx_locl.h: Disable KEYCHAIN for now, its slow.

	* cms.c: When we are not using pkcs7-data, avoid seing
	signedAttributes since some clients get upset by that (pkcs7 based
	or just plain broken).

	* ks_keychain.c: Provide rsa signatures.

	* ks_keychain.c: Limit the searches to the selected keychain.

	* ks_keychain.c: include -framework Security specific header files
	after #ifdef

	* ks_keychain.c: Find and attach private key (does not provide
	operations yet though).

	* ks_p11.c: Prefix rsa method with p11_

	* ks_keychain.c: Allow opening a specific chain, making "system"
	special and be the system X509Anchors file. By not specifying any
	keychain ("KEYCHAIN:"), all keychains are probed.

2007-06-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c (verify): Friendlier error message.

	* cert.c: Read in and use default trust anchors if they exists.

	* hx_locl.h: Add concept of default_trust_anchors.

	* ks_keychain.c: Remove err(), remove extra empty comment, fix
	_iter function.

	* error.c (hx509_get_error_string): if the error code is not the
	one we expect, punt and use the default com_err/strerror string
	instead.

	* keyset.c (hx509_certs_merge): its ok to merge in the NULL set of
	certs.

	* test_windows.in: Fix status string.

	* ks_p12.c (store_func): free whole CertBag, not just the data
	part.

	* print.c: Check that the self-signed cert is really self-signed.

	* print.c: Use selfsigned for CRL DP whine, tell if its a
	self-signed.

	* print.c: Whine if its a non CA/proxy and doesn't have CRL DP.

	* ca.c: Add cRLSign to CA certs.

	* cert.c: Register NULL and KEYCHAIN.

	* ks_null.c: register the NULL keystore.

	* Makefile.am: Add ks_keychain.c and related libs.

	* test_crypto.in: Print certificate with utf8.

	* print.c: Leak less memory.

	* hxtool.c: Leak less memory.

	* print.c: Leak less memory, use functions that does same but
	more.

	* name.c (quote_string): don't sign extend the (signed) char to
	avoid printing too much, add an assert to check that we didn't
	overrun the buffer.

	* name.c: Use right element out of the CHOICE for printableString
	and utf8String

	* ks_keychain.c: Certificate only KeyChain backend.

	* name.c: Reset name before parsing it.

2007-06-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* revoke.c (hx509_crl_*): fix sizeof() mistakes to fix memory
	corruption.

	* hxtool.c: Add lifetime to crls.

	* hxtool-commands.in: Add lifetime to crls.

	* revoke.c: Add lifetime to crls.

	* test_ca.in: More crl checks.

	* revoke.c: Add revoking certs.

	* hxtool-commands.in: argument is certificates.. for crl-sign

	* hxtool.c (certificate_copy): free lock

	* revoke.c: Fix hx509_set_error_string calls, add
	hx509_crl_add_revoked_certs(), implement hx509_crl_{alloc,free}.

	* hxtool.c (crl_sign): free lock

	* cert.c (hx509_context_free): free querystat

2007-06-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_chain.in: test ocsp-verify

	* revoke.c (hx509_ocsp_verify): explain what its useful for and
	provide sane error message.

	* hx509_err.et: New error code, CERT_NOT_IN_OCSP

	* hxtool.c: New command ocsp-verify, check if ocsp contains all
	certs and are valid (exist and non expired).

	* hxtool-commands.in: New command ocsp-verify.

2007-06-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_ca.in: Create crl and verify that is works.

	* hxtool.c: Sign CRL command.

	* hx509.h: Add hx509_crl.

	* hxtool-commands.in: Add crl-sign commands.

	* revoke.c: Support to generate an empty CRL.

	* tst-crypto-select2: Switched default types.

	* tst-crypto-select1: Switched default types.

	* ca.c: Use default AlgorithmIdentifier.

	* cms.c: Use default AlgorithmIdentifier.

	* crypto.c: Provide default AlgorithmIdentifier and use them.

	* hx_locl.h: Provide default AlgorithmIdentifier.

	* keyset.c (hx509_certs_find): collects stats for queries.

	* cert.c: Sort and print more info.

	* hx_locl.h: Add querystat to hx509_context.

	* test_*.in: sprinkle stat saving

	* Makefile.am: Add stat and objdir.

	* collector.c (_hx509_collector_alloc): return error code instead
	of pointer.

	* hxtool.c: Add statistic hook.

	* ks_file.c: Update _hx509_collector_alloc prototype.

	* ks_p12.c: Update _hx509_collector_alloc prototype.

	* ks_p11.c: Update _hx509_collector_alloc prototype.

	* hxtool-commands.in: Add statistics hook.

	* cert.c: Statistics printing.

	* ks_p12.c: plug memory leak

	* ca.c (hx509_ca_tbs_add_crl_dp_uri): plug memory leak

2007-05-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c: print utf8 type SAN's

	* Makefile.am: Fix windows client cert name.

	* test_windows.in: Add crl-uri for the ee certs.

	* print.c: Printf formatting.

	* ca.c: Add glue for adding CRL dps.

	* test_ca.in: Readd the crl adding code, it works (somewhat) now.

	* print.c: Fix printing of CRL DPnames (I hate IMPLICIT encoded
	structures).

	* hxtool-commands.in: make ca and alias of certificate-sign

2007-05-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c (hx509_crypto_select): copy AI to the right place.

	* hxtool-commands.in: Add ca --ms-upn.

	* hxtool.c: add --ms-upn and add more EKU's for pk-init client.

	* ca.c: Add hx509_ca_tbs_add_san_ms_upn and refactor code.

	* test_crypto.in: Resurrect killed e.

	* test_crypto.in: check for aes256-cbc

	* tst-crypto-select7: check for aes256-cbc

	* test_windows.in: test windows stuff

	* hxtool.c: add ca --domain-controller option, add secret key
	option to available.

	* ca.c: Add hx509_ca_tbs_set_domaincontroller.

	* hxtool-commands.in: add ca --domain-controller

	* hxtool.c: hook for testing secret key algs

	* crypto.c: Add selection code for secret key crypto.

	* hx509.h: Add HX509_SELECT_SECRET_ENC.

2007-05-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: add more mechtypes

2007-05-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c: Indent.

	* hxtool-commands.in: add test-crypto command

	* hxtool.c: test crypto command

	* cms.c (hx509_cms_create_signed_1): if no eContentType is given,
	use pkcs7-data.

	* print.c: add Netscape cert comment

	* crypto.c: Try both the empty password and the NULL
	password (nothing vs the octet string \x00\x00).

	* print.c: Add some US Fed PKI oids.

	* ks_p11.c: Add some more hashes.

2007-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c (crypto_select): stop memory leak

2007-04-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* peer.c (hx509_peer_info_free): free memory used too

	* hxtool.c (crypto_select): only free peer if it was used.

2007-04-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: free template

	* ks_mem.c (mem_free): free key array too

	* hxtool.c: free private key and tbs

	* hxtool.c (hxtool_ca): free signer

	* hxtool.c (crypto_available): free peer too.

	* ca.c (get_AuthorityKeyIdentifier): leak less memory

	* hxtool.c (hxtool_ca): free SPKI

	* hxtool.c (hxtool_ca): free cert

	* ks_mem.c (mem_getkeys): allocate one more than we have elements
	so its possible to store the NULL pointer at the end.

2007-04-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: CLEANFILES += cert-null.pem cert-sub-ca2.pem

2007-02-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* ca.c: Disable CRLDistributionPoints for now, its IMPLICIT code
	in the asn1 parser.

	* print.c: Add some more \n's.

2007-02-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* file.c: Allow mapping using heim_octet_string.

	* hxtool.c: Add options to generate detached signatures.

	* cms.c: Add flags to generate detached signatures.

	* hx509.h: Flag to generate detached signatures.

	* test_cms.in: Support detached signatures.

	* name.c (hx509_general_name_unparse): unparse the other
	GeneralName nametypes.

	* print.c: Use less printf. Use hx509_general_name_unparse.

	* cert.c: Fix printing and plug leak-on-error.

2007-01-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_ca.in: Add test for ca --crl-uri.

	* hxtool.c: Add ca --crl-uri.

	* hxtool-commands.in: add ca --crl-uri

	* ca.c: Code to set CRLDistributionPoints in certificates.

	* print.c: Check CRLDistributionPointNames.

	* name.c (hx509_general_name_unparse): function for unparsing
	GeneralName, only supports GeneralName.URI

	* cert.c (is_proxy_cert): free info if we won't return it.

2007-01-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Try to help how to use this command.

2007-01-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* switch to sha256 as default digest for signing

2007-01-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_ca.in: Really test sub-ca code, add basic constraints tests

2007-01-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Fix makefile problem.

2007-01-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Set num of bits before we generate the key.

2007-01-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c (hx509_cms_create_signed_1): use hx509_cert_binary

	* ks_p12.c (store_func): use hx509_cert_binary

	* ks_file.c (store_func): use hx509_cert_binary

	* cert.c (hx509_cert_binary): return binary encoded
	certificate (DER format)

2007-01-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* ca.c (hx509_ca_tbs_subject_expand): new function.

	* name.c (hx509_name_expand): if env is NULL, return directly

	* test_ca.in: test template handling

	* hx509.h: Add template flags.

	* Makefile.am: clean out new files

	* hxtool.c: Add certificate template processing, fix hx509_err
	usage.

	* hxtool-commands.in: Add certificate template processing.

	* ca.c: Add certificate template processing. Fix return messages
	from hx509_ca_tbs_add_eku.

	* cert.c: Export more stuff from certificate.

2007-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* ca.c: update (c)

	* ca.c: (hx509_ca_tbs_add_eku): filter out dups.

	* hxtool.c: Add type email and add email eku when using option
	--email.

	* Makefile.am: add env.c

	* name.c: Remove abort, add error handling.

	* test_name.c: test name expansion

	* name.c: add hx509_name_expand

	* env.c: key-value pair help functions

2007-01-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* ca.c: Don't issue certs with subject DN that is NULL and have no
	SANs

	* print.c: Fix previous test.

	* print.c: Check there is a SAN if subject DN is NULL.

	* test_ca.in: test email, null subject dn

	* hxtool.c: Allow setting parameters to private key generation.

	* hx_locl.h: Allow setting parameters to private key generation.

	* crypto.c: Allow setting parameters to private key generation.

	* hxtool.c (eval_types): add jid if user gave one

	* hxtool-commands.in (certificate-sign): add --jid

	* ca.c (hx509_ca_tbs_add_san_jid): Allow adding
	id-pkix-on-xmppAddr OtherName.

	* print.c: Print id-pkix-on-xmppAddr OtherName.

2007-01-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* no random, no RSA/DH tests

	* hxtool.c (info): print status of random generator

	* Makefile.am: remove files created by tests

	* error.c: constify

	* name.c: constify

	* revoke.c: constify

	* hx_locl.h: constify

	* keyset.c: constify

	* ks_p11.c: constify

	* hx_locl.h: make printinfo char * argument const.

	* cms.c: move _hx509_set_digest_alg from cms.c to crypto.c since
	its only used there.

	* crypto.c: remove no longer used stuff, move set_digest_alg here
	from cms.c since its only used here.

	* Makefile.am: add data/test-nopw.p12 to EXTRA_DIST

2007-01-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c: BasicConstraints vs criticality bit is complicated and
	not really possible to evaluate on its own, silly RFC3280.

	* ca.c: Make basicConstraints critical if this is a CA.

	* print.c: fix the version vs extension test

	* print.c: More validation checks.

	* name.c (hx509_name_cmp): add

2007-01-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c (collect_private_key): Missing CKA_MODULUS is ok
	too (XXX why should these be fetched given they are not used).

	* test_ca.in: rename all files to PEM files, since that is what
	they are.

	* hxtool.c: copy out the key with the self signed CA cert

	* Factor out private key operation out of the signing, operations,
	support import, export, and generation of private keys. Add
	support for writing PEM and PKCS12 files with private keys in them.

	* data/gen-req.sh: Generate a no password pkcs12 file.

2007-01-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: Check for internal ASN1 encoder error.

2007-01-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Drop most of the pkcs11 files.

	* test_ca.in: test reissuing ca certificate (xxx time
	validAfter).

	* hxtool.c: Allow setting serialNumber (needed for reissuing
	certificates) Change --key argument to --out-key.

	* hxtool-commands.in (issue-certificate): Allow setting
	serialNumber (needed for reissuing certificates), Change --key
	argument to --out-key.

	* ref: Replace with Marcus Brinkmann of g10 Code GmbH pkcs11
	headerfile that is compatible with GPL (file taken from scute)

2007-01-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_ca.in: Test to generate key and use them.

	* hxtool.c: handle other keys the pkcs10 requested keys

	* hxtool-commands.in: add generate key commands

	* req.c (_hx509_request_to_pkcs10): PKCS10 needs to have a subject

	* hxtool-commands.in: Spelling.

	* ca.c (hx509_ca_tbs_set_proxy): allow negative pathLenConstraint
	to signal no limit

	* ks_file.c: Try all formats on the binary file before giving up,
	this way we can handle binary rsa keys too.

	* data/key2.der: new test key

2007-01-04  David Love  <fx@gnu.org>

	* Makefile.am (hxtool_LDADD): Add libasn1.la

	* hxtool.c (pcert_verify): Fix format string.

2006-12-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Allow setting path length

	* cert.c: Fix test for proxy certs chain length, it was too
	restrictive.

	* data: regen

	* data/openssl.cnf: (proxy_cert) make length 0

	* test_ca.in: Issue a long living cert.

	* hxtool.c: add --lifetime to ca command.

	* hxtool-commands.in: add --lifetime to ca command.

	* ca.c: allow setting notBefore and notAfter.

	* test_ca.in: Test generation of proxy certificates.

	* ca.c: Allow generation of proxy certificates, always include
	BasicConstraints, fix error codes.

	* hxtool.c: Allow generation of proxy certificates.

	* test_name.c: make hx509_parse_name take a hx509_context.

	* name.c: Split building RDN to a separate function.

2006-12-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: clean test_ca files.

	* test_ca.in: test issuing self-signed and CA certificates.

	* hxtool.c: Add bits to allow issuing self-signed and CA
	certificates.

	* hxtool-commands.in: Add bits to allow issuing self-signed and CA
	certificates.

	* ca.c: Add bits to allow issuing CA certificates.

	* revoke.c: use new OCSPSigning.

	* ca.c: Add Subject Key Identifier.

	* ca.c: Add Authority Key Identifier.

	* cert.c: Locally export _hx509_find_extension_subject_key_id.
	Handle AuthorityKeyIdentifier where only authorityCertSerialNumber
	and authorityCertSerialNumber is set.

	* hxtool-commands.in: Add dnsname and rfc822 SANs.

	* test_ca.in: Test dnsname and rfc822 SANs.

	* ca.c: Add dnsname and rfc822 SANs.

	* hxtool.c: Add dnsname and rfc822 SANs.

	* test_ca.in: test adding eku, ku and san to the
	certificate (https and pk-init)

	* hxtool.c: Add eku, ku and san to the certificate.

	* ca.c: Add eku, ku and san to the certificate.

	* hxtool-commands.in: Add --type and --pk-init-principal

	* ocsp.asn1: remove id-kp-OCSPSigning, it's in rfc2459.asn1 now

2006-12-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* ca.c: Add KeyUsage extension.

	* Makefile.am: add ca.c, add sign-certificate tests.

	* crypto.c: Add _hx509_create_signature_bitstring.

	* hxtool-commands.in: Add the sign-certificate tool.

	* hxtool.c: Add the sign-certificate tool.

	* cert.c: Add HX509_QUERY_OPTION_KU_KEYCERTSIGN.

	* hx509.h: Add hx509_ca_tbs and HX509_QUERY_OPTION_KU_KEYCERTSIGN.

	* test_ca.in: Basic test of generating a pkcs10 request, signing
	it and verifying the chain.

	* ca.c: Naive certificate signer.

2006-12-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: add hxtool_hex

2006-12-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: use top_builddir for libasn1.la

2006-12-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c (print_certificate): print serial number.

	* name.c (no): add S=stateOrProvinceName

2006-12-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c (_hx509_private_key_assign_rsa): set a default sig alg

	* ks_file.c (try_decrypt): pass down AlgorithmIdentifier that key
	uses to do signatures so there is no need to hardcode RSA into this
	function.

2006-12-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_file.c: Pass filename to the parse functions and use it in
	the error messages

	* test_chain.in: test proxy cert (third level)

	* hx509_err.et: fix errorstring for PROXY_CERT_NAME_WRONG

	* data: regen

	* Makefile.am: EXTRA_DIST: add
	data/proxy10-child-child-test.{key,crt}

	* data/gen-req.sh: Fix names and restrictions on the proxy
	certificates

	* cert.c: Clarify and make proxy cert handling work for multiple
	levels, before it was too restrictive.
	More helpful error message.

2006-12-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c (check_key_usage): tell what keyusages are missing

	* print.c: Split OtherName printing code to a oid lookup and print
	function.

	* print.c (Time2string): print hour as hour not min

	* Makefile.am: CLEANFILES += test

2006-12-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am (EXTRA_DIST): add data/pkinit-proxy* files

	* Makefile.am (EXTRA_DIST): add tst-crypto* files

	* cert.c (hx509_query_match_issuer_serial): make a copy of the
	data

	* cert.c (hx509_query_match_issuer_serial): allow matching on
	issuer and serial num

	* cert.c (_hx509_calculate_path): add flag to allow leaving out
	trust anchor

	* cms.c (hx509_cms_create_signed_1): when building the path, omit
	the trust anchors.

	* crypto.c (rsa_create_signature): Abort when signature is longer,
	not shorter.

	* cms.c: Provide time to _hx509_calculate_path so we don't send no
	longer valid certs to our peer.

	* cert.c (find_parent): when checking for certs and it's not a
	trust anchor, require time be in range.
	(_hx509_query_match_cert): Add time validity-testing to query mask

	* hx_locl.h: add time validity-testing to query mask

	* test_cms.in: Tests for CMS SignedData with incomplete chain from
	the signer.

2006-11-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c (hx509_cms_verify_signed): specify what signature we
	failed to verify

	* Makefile.am: Depend on LIB_com_err for AIX.

	* keyset.c: Remove another strndup that causes AIX to fall over.

	* cert.c: Don't check the trust anchors expiration time since they
	are transported out of band, from RFC3820.

	* cms.c: sprinkle more error strings

	* crypto.c: sprinkle more error strings

	* hxtool.c: use unsigned int as counter to fit better with the
	asn1 compiler

	* crypto.c: use unsigned int as counter to fit better with the
	asn1 compiler

2006-11-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: Remove trailing white space.

	* crypto.c: rewrite comment to make more sense

	* crypto.c (hx509_crypto_select): check sig_algs[j]->key_oid

	* hxtool-commands.in (crypto-available): add --type

	* crypto.c (hx509_crypto_available): let alg pass if it's keyless

	* hxtool-commands.in: Expand crypto-select

	* cms.c: Rename hx509_select to hx509_crypto_select.

	* hxtool-commands.in: Add crypto-select and crypto-available.

	* hxtool.c: Add crypto-select and crypto-available.

	* crypto.c (hx509_crypto_available): use right index.
	(hx509_crypto_free_algs): new function

	* crypto.c (hx509_crypto_select): improve
	(hx509_crypto_available): new function

2006-11-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c: Sprinkle more error string and hx509_contexts.

	* cms.c: Sprinkle more error strings.

	* crypto.c: Sprinkle error string and hx509_contexts.

	* crypto.c: Add some more comments about how this works.

	* crypto.c (hx509_select): new function.

	* Makefile.am: add peer.c

	* hxtool.c: Update hx509_cms_create_signed_1.

	* hx_locl.h: add struct hx509_peer_info

	* peer.c: Allow selection of digest/sig-alg

	* cms.c: Allow selection of a better digest using hx509_peer_info.

	* revoke.c: Handle that _hx509_verify_signature takes a context.

	* cert.c: Handle that _hx509_verify_signature takes a context.

2006-11-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: Sprinkle error strings.

	* crypto.c: Sprinkle context and error strings.

2006-11-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* name.c: Handle printing and parsing raw oids in name.

2006-11-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c (_hx509_calculate_path): allow to calculate optimistic
	path when we don't know the trust anchors, just follow the chain
	upward until we no longer find a parent or we hit the max limit.

	* cms.c (hx509_cms_create_signed_1): provide a best effort path to
	the trust anchors to be stored in the SignedData packet, if find
	parents until trust anchor or max length.

	* data: regen

	* data/gen-req.sh: Build pk-init proxy cert.

2006-11-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* error.c (hx509_get_error_string): Put ", " between strings in
	error message.

2006-11-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* data/openssl.cnf: Change realm to TEST.H5L.SE

2006-11-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* revoke.c: Sprinkle error strings.

2006-11-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* hx_locl.h: add context variable to cmp function.

	* cert.c (hx509_query_match_cmp_func): allow setting the match
	function.

2006-10-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: Return less EINVAL.

	* hx509_err.et: add more pkcs11 errors

	* hx509_err.et: more error-codes

	* revoke.c: Return less EINVAL.

	* ks_dir.c: sprinkle more hx509_set_error_string

	* ks_file.c: Return less EINVAL.

	* hxtool.c: Pass in context to _hx509_parse_private_key.

	* ks_file.c: Sprinkle more hx509_context so we can return proper
	errors.

	* hx509_err.et: add HX509_PARSING_KEY_FAILED

	* crypto.c: Sprinkle more hx509_context so we can return proper
	errors.

	* collector.c: No more EINVAL.

	* hx509_err.et: add HX509_LOCAL_ATTRIBUTE_MISSING

	* cert.c (hx509_cert_get_base_subject): one less EINVAL
	(_hx509_cert_private_decrypt): one less EINVAL

2006-10-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* collector.c: indent

	* hxtool.c: Try to not leak memory.

	* req.c: clean memory before free

	* crypto.c (_hx509_private_key2SPKI): indent

	* req.c: Try to not leak memory.

2006-10-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_crypto.in: Read 50 kilobyte random data

	* revoke.c: Try to not leak memory.

	* hxtool.c: Try to not leak memory.

	* crypto.c (hx509_crypto_destroy): free oid.

	* error.c: Clean error string on failure just to make sure.

	* cms.c: Try to not leak memory (again).

	* hxtool.c: use a sensible content type

	* cms.c: Try harder to free certificate.

2006-10-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Add make check data.

2006-10-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c (p11_list_keys): make element of search_data[0]
	constants and set them later

	* Makefile.am: Add more files.

2006-10-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_file.c: set ret, remember to free ivdata

2006-10-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* hx_locl.h: Include <parse_bytes.h>.

	* test_crypto.in: Test random-data.

	* hxtool.c: RAND_bytes() return 1 for cryptographic strong data,
	check for that.

	* Makefile.am: clean random-data

	* hxtool.c: Add random-data command, use sl_slc_help.

	* hxtool-commands.in: Add random-data.

	* ks_p12.c: Remember to release certs.

	* ks_p11.c: Remember to release certs.

2006-10-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* prefix der primitives with der_

	* lock.c: Match the prompt type PROMPT exact.

	* hx_locl.h: Drop heim_any.h

2006-10-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c (p11_release_module): j needs to be used as inter loop
	index. From Douglas Engert.

	* ks_file.c (parse_rsa_private_key): try all passwords and
	prompter.

2006-10-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_*.in: Parameterise the invocation of hxtool, so we can make
	it run under TESTS_ENVIRONMENT. From Andrew Bartlett

2006-10-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_crypto.in: Put all test stuck at 2006-09-25 since all their
	chains were valid then.

	* hxtool.c: Implement --time= option.

	* hxtool-commands.in: Add option time.

	* Makefile.am: test_name is a PROGRAM_TESTS

	* ks_p11.c: Return HX509_PKCS11_NO_SLOT when there are no slots
	and HX509_PKCS11_NO_TOKEN when there are no token. For use in PAM
	modules that want to detect when to use smartcard login and when
	not to. Patched based on code from Douglas Engert.

	* hx509_err.et: Add new pkcs11 related errors in a new section:
	keystore related error. Patched based on code from Douglas
	Engert.

2006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Make dependency for slc built files just like
	everywhere else.

	* cert.c: Add all openssl algs and init asn1 et

2006-10-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_file.c (parse_rsa_private_key): free type earlier.

	* ks_file.c (parse_rsa_private_key): free type after use

	* name.c (_hx509_Name_to_string): remove dup const

2006-10-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Add more libs to libhx509

2006-10-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: Fix double free's, NULL ptr de-reference, and conform
	better to pkcs11. From Douglas Engert.

	* ref: remove ^M, it breaks solaris 10s cc. From Harald Barth

2006-09-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_crypto.in: Bleichenbacher bad cert from Ralf-Philipp
	Weinmann and Andrew Pyshkin, pad right.

	* data: starfield test root cert and Ralf-Philipp and Andreis
	correctly padded bad cert

2006-09-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_crypto.in: Add test for yutaka certs.

	* cert.c: Add a strict rfc3280 verification flag. rfc3280 requires
	certificates to have KeyUsage.keyCertSign if they are to be used
	for signing of certificates, but the step in the verification is
	optional.

	* hxtool.c: Improve printing and error reporting.

2006-09-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_crypto.in,Makefile.am,data/bleichenbacher-{bad,good}.pem:
	test bleichenbacher from eay

2006-09-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Make common function for all getarg_strings and
	hx509_certs_append commonly used.

	* cms.c: HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT is a negative
	flag, treat it as such.

2006-09-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* req.c: Use the new add_GeneralNames function.

	* hx509.h: Add HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT.

	* ks_p12.c: Adapt to new signature of hx509_cms_unenvelope.

	* hxtool.c: Adapt to new signature of hx509_cms_unenvelope.

	* cms.c: Allow passing in encryptedContent and flag. Add new flag
	HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT.

2006-09-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: cast void * to char * when using it for %s formatting
	in printf.

	* name.c: New function _hx509_Name_to_string.

2006-09-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_file.c: Sprinkle error messages.

	* cms.c: Sprinkle even more error messages.

	* cms.c: Sprinkle some error messages.

	* cms.c (find_CMSIdentifier): only free string when we allocated
	one.

	* ks_p11.c: Don't build most of the pkcs11 module if there are no
	dlopen().

2006-09-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c (hx509_cms_unenvelope): try to save the error string from
	find_CMSIdentifier so we have one more bit of information what
	went wrong.

	* hxtool.c: More pretty printing, make verify_signed return the
	error string from the library.

	* cms.c: Try returning what certificates failed to parse or be
	found.

	* ks_p11.c (p11_list_keys): fetch CKA_LABEL and use it to set the
	friendlyname for the certificate.

2006-09-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c: check that there are no extra bytes in the checksum
	and that the parameters are NULL or the NULL-type. All to avoid
	having excess data that can be used to fake the signature.

	* hxtool.c: print keyusage

	* print.c: add hx509_cert_keyusage_print, simplify oid printing

	* cert.c: add _hx509_cert_get_keyusage

	* ks_p11.c: keep one session around for the whole life of the keyset

	* test_query.in: tests more selection

	* hxtool.c: improve pretty printing in print and query

	* hxtool{.c,-commands.in}: add selection on KU and printing to query

	* test_cms.in: Add cms test for digitalSignature and
	keyEncipherment certs.

	* name.c (no): Add serialNumber

	* ks_p11.c (p11_get_session): return better error messages

2006-09-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* ref: update to pkcs11 reference files 2.20

	* ks_p11.c: add more mechflags

	* name.c (no): add OU and sort

	* revoke.c: pass context to _hx509_create_signature

	* ks_p11.c (p11_printinfo): print proper plural s

	* ks_p11.c: save the mechs supported when initing the token, print
	them in printinfo.

	* hx_locl.h: Include <parse_units.h>.

	* cms.c: pass context to _hx509_create_signature

	* req.c: pass context to _hx509_create_signature

	* keyset.c (hx509_certs_info): print information about the keyset.

	* hxtool.c (pcert_print) print keystore info when --info flag is
	given.

	* hxtool-commands.in: Add hxtool print --info.

	* test_query.in: Test hxtool print --info.

	* hx_locl.h (hx509_keyset_ops): add printinfo

	* crypto.c: Start to hang the private key operations of the
	private key, pass hx509_context to create_checksum.

2006-05-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: Iterate over all slots, not just the first/selected
	one.

2006-05-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c: Add release function for certificates so backend knows
	when it's no longer used.

	* ks_p11.c: Add reference counting on certificates, push out
	CK_SESSION_HANDLE from slot.

	* cms.c: sprinkle more hx509_clear_error_string

2006-05-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: Sprinkle some hx509_set_error_strings

2006-05-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Avoid shadowing.

	* revoke.c: Avoid shadowing.

	* ks_file.c: Avoid shadowing.

	* cert.c: Avoid shadowing.

2006-05-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lock.c (hx509_prompt_hidden): reshuffle to avoid gcc warning

	* hx509.h: Reshuffle the prompter types, remove the hidden field.

	* lock.c (hx509_prompt_hidden): return if the prompt should be
	hidden or not

	* revoke.c (hx509_revoke_free): allow free of NULL.

2006-05-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_file.c (file_init): Avoid shadowing ret (and thus avoiding
	crashing).

	* ks_dir.c: Implement DIR: caches using FILE: caches.

	* ks_p11.c: Catch more errors.

2006-05-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c (hx509_crypto_encrypt): free correctly in error
	path. From Andrew Bartlett.

	* crypto.c: If RAND_bytes fails, then we will attempt to
	double-free crypt->key.data. From Andrew Bartlett.

2006-05-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* name.c: Rename u_intXX_t to uintXX_t

2006-05-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* TODO: More to do about the PKCS11 code.

	* ks_p11.c: Use the prompter from the lock function.

	* lock.c: Deal with that hx509_prompt.reply is no longer a
	pointer.

	* hx509.h: Make hx509_prompt.reply not a pointer.

2006-05-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* keyset.c: Sprinkle setting error strings.

	* crypto.c: Sprinkle setting error strings.

	* collector.c: Sprinkle setting error strings.

	* cms.c: Sprinkle setting error strings.

2006-05-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_name.c: renamed one error code

	* name.c: renamed one error code

	* ks_p11.c: _hx509_set_cert_attribute changed signature

	* hxtool.c (pcert_print): use hx509_err so I can test it

	* error.c (hx509_set_error_stringv): clear errors on malloc
	failure

	* hx509_err.et: Add some more errors

	* cert.c: Sprinkle setting error strings.

	* cms.c: _hx509_path_append changed signature.

	* revoke.c: changed signature of _hx509_check_key_usage

	* keyset.c: changed signature of _hx509_query_match_cert

	* hx509.h: Add support for error strings.

	* cms.c: changed signature of _hx509_check_key_usage

	* Makefile.am: ibhx509_la_files += error.c

	* ks_file.c: Sprinkle setting error strings.

	* cert.c: Sprinkle setting error strings.

	* hx_locl.h: Add support for error strings.

	* error.c: Add string error handling functions.

	* keyset.c (hx509_certs_init): pass the right error code back

2006-04-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* revoke.c: Revert previous patch.
	(hx509_ocsp_verify): new function that returns the expiration of
	certificate in ocsp data-blob

	* cert.c: Reverse previous patch, let's do it another way.

	* cert.c (hx509_revoke_verify): update usage

	* revoke.c: Make compile.

	* revoke.c: Add the expiration time the crl/ocsp info expire

	* name.c: Add hx509_name_is_null_p

	* cert.c: remove _hx509_cert_private_sigature

2006-04-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* name.c: Expose more of Name.

	* hxtool.c (main): add missing argument to printf

	* data/openssl.cnf: Add EKU for the KDC certificate

	* cert.c (hx509_cert_get_base_subject): reject un-canon proxy
	certs, not the reverse
	(add_to_list): constify and fix argument order to
	copy_octet_string
	(hx509_cert_find_subjectAltName_otherName): make work

2006-04-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* data/{pkinit,kdc}.{crt,key}: pkinit certificates

	* data/gen-req.sh: Generate pkinit certificates.

	* data/openssl.cnf: Add pkinit glue.

	* cert.c (hx509_verify_hostname): implement stub function

2006-04-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* TODO: CRL delta support

2006-04-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* data/.cvsignore: ignore leftover from OpenSSL cert generation

	* hx509_err.et: Add name malformated error

	* name.c (hx509_parse_name): don't abort on error, rather return
	error

	* test_name.c: Test failure parsing name.

	* cert.c: When verifying certificates, store subject basename for
	later consumption.

	* test_name.c: test to parse and print name and check that they
	are the same.

	* name.c (hx509_parse_name): fix length argument to printf string

	* name.c (hx509_parse_name): fix length argument to stringtooid, 1
	too short.

	* cert.c: remove debug printf's

	* name.c (hx509_parse_name): make compile pre c99

	* data/gen-req.sh: OpenSSL have a serious issue of user confusion
	-subj in -ca takes the arguments in LDAP order. -subj for x509
	takes it in x509 order.

	* cert.c (hx509_verify_path): handle the case where the where two
	proxy certs in a chain.

	* test_chain.in: enable two proxy certificates in a chain test

	* test_chain.in: tests proxy certificates

	* data: re-gen

	* data/gen-req.sh: build proxy certificates

	* data/openssl.cnf: add def for proxy10_cert

	* hx509_err.et: Add another proxy certificate error.

	* cert.c (hx509_verify_path): Need to mangle name to remove the CN
	of the subject, copying issuer only works for one level but is
	better than doing no checking at all.

	* hxtool.c: Add verify --allow-proxy-certificate.

	* hxtool-commands.in: add verify --allow-proxy-certificate

	* hx509_err.et: Add proxy certificate errors.

	* cert.c: Fix comment about subject name of proxy certificate.

	* test_chain.in: tests for proxy certs

	* data/gen-req.sh: gen proxy and non-proxy tests certificates

	* data/openssl.cnf: Add definition for proxy certs

	* data/*proxy-test.*: Add proxy certificates

	* cert.c (hx509_verify_path): verify proxy certificate have no san
	or ian

	* cert.c (hx509_verify_set_proxy_certificate): Add
	(*): rename policy cert to proxy cert

	* cert.c: Initial support for proxy certificates.

2006-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: some error checking

	* name.c: Switch over to asn1 generated oids.

	* TODO: merge with old todo file

2006-04-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_query.in: make quiet

	* test_req.in: SKIP test if there is no RSA support.

	* hxtool.c: print dh method too

	* test_chain.in: SKIP test if there is no RSA support.

	* test_cms.in: SKIP test if there is no RSA support.

	* test_nist.in: SKIP test if there is no RSA support.

2006-04-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool-commands.in: Allow passing in pool and anchor to
	signedData

	* hxtool.c: Allow passing in pool and anchor to signedData

	* test_cms.in: Test that certs in signed data is picked up.

	* hx_locl.h: Expose the path building function to internal
	functions.

	* cert.c: Expose the path building function to internal functions.

	* hxtool-commands.in: cms-envelope: Add support for choosing the
	encryption type

	* hxtool.c (cms_create_enveloped): Add support for choosing the
	encryption type

	* test_cms.in: Test generating des-ede3 aes-128 aes-256 enveloped
	data

	* crypto.c: Add names to cipher types.

	* cert.c (hx509_query_match_friendly_name): fix return value

	* data/gen-req.sh: generate tests for enveloped data using
	des-ede3 and aes256

	* test_cms.in: add tests for enveloped data using des-ede3 and
	aes256

	* cert.c (hx509_query_match_friendly_name): New function.

2006-04-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c: Add support for parsing slot-number.

	* crypto.c (oid_private_rc2_40): simply

	* crypto.c: Use oids from asn1 generator.

	* ks_file.c (file_init): reset length when done with a part

	* test_cms.in: check with test.combined.crt.

	* data/gen-req.sh: Create test.combined.crt.

	* test_cms.in: Test signed data using keyfile that is encrypted.

	* ks_file.c: Remove (commented out) debug printf

	* ks_file.c (parse_rsa_private_key): use EVP_get_cipherbyname

	* ks_file.c (parse_rsa_private_key): make working for one
	password.

	* ks_file.c (parse_rsa_private_key): Implement enough for
	testing.

	* hx_locl.h: Add <ctype.h>

	* ks_file.c: Add glue code for PEM encrypted password files.

	* test_cms.in: Add commented out password protected PEM file,
	remove password for those tests that doesn't need it.

	* test_cms.in: adapt test now that we can use any certificate and
	trust anchor

	* collector.c: handle PEM RSA PRIVATE KEY files

	* cert.c: Remove unused function.

	* ks_dir.c: move code here from ks_file.c now that it's no longer
	used.

	* ks_file.c: Add support for parsing unencrypted RSA PRIVATE KEY

	* crypto.c: Handle rsa private keys better.

2006-04-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool.c: Use hx509_cms_{,un}wrap_ContentInfo

	* cms.c: Make hx509_cms_{,un}wrap_ContentInfo usable in asn1
	un-aware code.

	* cert.c (hx509_verify_path): if trust anchor is not self signed,
	don't check sig From Douglas Engert.

	* test_chain.in: test "sub-cert -> sub-ca"

	* crypto.c: Use the right length for the sha256 checksums.

2006-04-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c: Fix breakage from sha256 code.

	* crypto.c: Add SHA256 support, and symbols for the other new
	SHA-2 types.

2006-04-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_cms.in: test rc2-40 rc2-64 rc2-128 enveloped data

	* data/test-enveloped-rc2-{40,64,128}: add tests cases for rc2

	* cms.c: Update prototypes changes for hx509_crypto_[gs]et_params.

	* crypto.c: Break out the parameter handling code for encrypting
	data to handle RC2. Needed for Windows 2k pk-init support.

2006-04-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Split libhx509_la_SOURCES into build file and
	distributed files so we can avoid building prototypes for
	build-files.

2006-04-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* TODO: split certificate request into pkcs10 and CRMF

	* hxtool-commands.in: Add nonce flag to ocsp-fetch

	* hxtool.c: control sending nonce

	* hxtool.c (request_create): store the request in a file, not in
	bitbucket.

	* cert.c: expose print_cert_subject internally

	* hxtool.c: Add ocsp_print.

	* hxtool-commands.in: New command "ocsp-print".

	* hx_locl.h: Include <hex.h>.

	* revoke.c (verify_ocsp): require issuer to match too.
	(free_ocsp): new function
	(hx509_revoke_ocsp_print): new function, print ocsp reply

	* Makefile.am: build CRMF files

	* data/key.der: needed for cert request test

	* test_req.in: adapt to rename of pkcs10-create to request-create

	* hxtool.c: adapt to rename of pkcs10-create to request-create

	* hxtool-commands.in: Rename pkcs10-create to request-create

	* crypto.c: (_hx509_parse_private_key): Avoid crashing on bad input.

	* hxtool.c (pkcs10_create): use opt->subject_string

	* hxtool-commands.in: Add pkcs10-create --subject

	* Makefile.am: Add test_req to tests.

	* test_req.in: Test for pkcs10 commands.

	* name.c (hx509_parse_name): new function.

	* hxtool.c (pkcs10_create): implement

	* hxtool-commands.in (pkcs10-create): Add arguments

	* crypto.c: Add _hx509_private_key2SPKI and support
	functions (only support RSA for now).

2006-04-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* hxtool-commands.in: Add pkcs10-create command.

	* hx509.h: Add hx509_request.

	* TODO: more stuff

	* Makefile.am: Add req.c

	* req.c: Create certificate requests, prototype converts the
	request in a pkcs10 packet.

	* hxtool.c: Add pkcs10_create

	* name.c (hx509_name_copy): new function.

2006-04-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* TODO: fill out what do

	* hxtool-commands.in: add pkcs10-print

	* hx_locl.h: Include <pkcs10_asn1.h>.

	* pkcs10.asn1: PKCS#10

	* hxtool.c (pkcs10_print): new function.

	* test_chain.in: test ocsp keyhash

	* data: generate ocsp keyhash version too

	* revoke.c (load_ocsp): test that we got back a BasicReponse

	* ocsp.asn1: Add asn1_id_pkix_ocsp*.

	* Makefile.am: Add asn1_id_pkix_ocsp*.

	* cert.c: Add HX509_QUERY_MATCH_KEY_HASH_SHA1

	* hx_locl.h: Add HX509_QUERY_MATCH_KEY_HASH_SHA1

	* revoke.c: Support OCSPResponderID.byKey, indent.

	* revoke.c (hx509_ocsp_request): Add nonce to ocsp request.

	* hxtool.c: Add nonce to ocsp request.

	* test_chain.in: Added crl tests

	* data/nist-data: rename missing-crl to missing-revoke

	* data: make ca use openssl ca command so we can add ocsp tests,
	and regen certs

	* test_chain.in: Add revoked ocsp cert test

	* cert.c: rename missing-crl to missing-revoke

	* revoke.c: refactor code, fix a un-init-ed variable

	* test_chain.in: rename missing-crl to missing-revoke add ocsp
	tests

	* test_cms.in: rename missing-crl to missing-revoke

	* hxtool.c: rename missing-crl to missing-revoke

	* hxtool-commands.in: rename missing-crl to missing-revoke

	* revoke.c: Plug one memory leak.

	* revoke.c: Renamed generic CRL related errors.

	* hx509_err.et: Comments and renamed generic CRL related errors

	* revoke.c: Add ocsp checker.

	* ocsp.asn1: Add id-kp-OCSPSigning

	* hxtool-commands.in: add url-path argument to ocsp-fetch

	* hxtool.c: implement ocsp-fetch

	* cert.c: Use HX509_DEFAULT_OCSP_TIME_DIFF.

	* hx_locl.h: Add ocsp_time_diff to hx509_context

	* crypto.c (_hx509_verify_signature_bitstring): new function,
	commonly use when checking certificates

	* cms.c (hx509_cms_envelope_1): check for internal ASN.1 encoder
	error

	* cert.c: Add ocsp glue, use new
	_hx509_verify_signature_bitstring, add eku checking function.

2006-03-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: add id_kp_OCSPSigning.x

	* revoke.c: Pick out certs in ocsp response

	* TODO: list of stuff to verify

	* revoke.c: Add code to load OCSPBasicOCSPResponse files, reload
	crl when it's changed on disk.

	* cert.c: Update for ocsp merge. handle building path w/o
	subject (using subject key id)

	* ks_p12.c: _hx509_map_file changed prototype.

	* file.c: _hx509_map_file changed prototype, returns struct stat
	if requested.

	* ks_file.c: _hx509_map_file changed prototype.

	* hxtool.c: Add stub for ocsp-fetch, _hx509_map_file changed
	prototype, add ocsp parsing to verify command.

	* hx_locl.h: rename HX509_CTX_CRL_MISSING_OK to
	HX509_CTX_VERIFY_MISSING_OK now that we have OCSP glue

2006-03-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* hx_locl.h: Add <krb5-types.h> to make it compile on Solaris,
	from Alex V. Labuta.

2006-03-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c (_hx509_pbe_decrypt): try all passwords, not just the
	first one.

2006-03-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c (check_altName): Print the othername oid.

	* crypto.c: Manual page claims RSA_public_decrypt will return -1
	on error, let's check for that

	* crypto.c (_hx509_pbe_decrypt): also try the empty password

	* collector.c (match_localkeyid): no need to add back the cert to
	the cert pool, it's already there.

	* crypto.c: Add REQUIRE_SIGNER

	* cert.c (hx509_cert_free): ok to free NULL

	* hx509_err.et: Add new error code SIGNATURE_WITHOUT_SIGNER.

	* name.c (_hx509_name_ds_cmp): make DirectoryString case
	insensitive
	(hx509_name_to_string): less spacing

	* cms.c: Check for signature error, check consistency of error

2006-03-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* collector.c (_hx509_collector_alloc): handle errors

	* cert.c (hx509_query_alloc): allocate slightly more than a
	sizeof(pointer)

	* crypto.c (_hx509_private_key_assign_key_file): ask for password
	if nothing matches.

	* cert.c: Expose more of the hx509_query interface.

	* collector.c: hx509_certs_find is now exposed.

	* cms.c: hx509_certs_find is now exposed.

	* revoke.c: hx509_certs_find is now exposed.

	* keyset.c (hx509_certs_free): allow free-ing NULL
	(hx509_certs_find): expose
	(hx509_get_one_cert): new function

	* hxtool.c: hx509_certs_find is now exposed.

	* hx_locl.h: Remove hx509_query, it's exposed now.

	* hx509.h: Add hx509_query.

2006-02-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c: Add exceptions for null (empty) subjectNames

	* data/nist-data: Add some more name constraints tests.

	* data/nist-data: Add some of the test from 4.13 Name Constraints.

	* cert.c: Name constraints needs to be evaluated in block as they
	appear in the certificates, they can not be joined to one
	list. One example of this is:

	- cert is cn=foo,dc=bar,dc=baz
	- subca is dc=foo,dc=baz with name restriction dc=kaka,dc=baz
	- ca is dc=baz with name restriction dc=baz

	If the name restrictions are merged to a list, the certificate
	will pass this test.

2006-02-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* cert.c: Handle more name constraints cases.

	* crypto.c (dsa_verify_signature): if test if malloc failed

2006-01-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* cms.c: Drop partial pkcs12 string2key implementation.

2006-01-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* data/nist-data: Add commited out DSA tests (they fail).

	* data/nist-data: Add 4.2 Validity Periods.

	* test_nist.in: Make less verbose to use.

	* Makefile.am: Add test_nist_cert.

	* data/nist-data: Add some more CRL-tests.

	* test_nist.in: Print $id instead of . when running the tests.

	* test_nist.in: Drop verifying certificates, it's done in another
	test now.

	* data/nist-data: fixup kill-rectangle leftovers

	* data/nist-data: Drop verifying certificates, it's done in another
	test now. Add more crl tests. comment out all unused tests.

	* test_nist_cert.in: test parse all nist certs

2006-01-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* hx509_err.et: Add HX509_CRL_UNKNOWN_EXTENSION.

	* revoke.c: Check for unknown extensions in CRLs and CRLEntries.

	* test_nist.in: Parse new format to handle CRL info.

	* test_chain.in: Add --missing-crl.

	* name.c (hx509_unparse_der_name): Rename from hx509_parse_name.
	(_hx509_unparse_Name): Add.

	* hxtool-commands.in: Add --missing-crl to verify commands.

	* hx509_err.et: Add CRL errors.

	* cert.c (hx509_context_set_missing_crl): new function Add CRL
	handling.

	* hx_locl.h: Add HX509_CTX_CRL_MISSING_OK.

	* revoke.c: Parse and verify CRLs (simplistic).

	* hxtool.c: Parse CRL info.

	* data/nist-data: Change format so we can deal with CRLs, also
	note the test-id from PKITS.

	* data: regenerate test

	* data/gen-req.sh: use static-file to generate tests

	* data/static-file: new file to use for committed tests

	* test_cms.in: Use static file, add --missing-crl.

2006-01-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c: It's cRLReason, not cRLReasons.

	* hxtool.c: Attach revoke context to verify context.

	* data/nist-data: change syntax to make match better with crl
	checks

	* cert.c: Verify no certificates has been revoked with the new
	revoke interface.

	* Makefile.am: libhx509_la_SOURCES += revoke.c

	* revoke.c: Add framework for handling CRLs.

	* hx509.h: Add hx509_revoke_ctx.

2006-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* delete crypto_headers.h, use global file instead.

	* crypto.c (PBE_string2key): libdes now supports PKCS12_key_gen

2006-01-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto_headers.h: Need BN_is_negative too.

2006-01-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* ks_p11.c (p11_rsa_public_decrypt): since is wrong, don't provide
	it. PKCS11 can't do public_decrypt, it support verify though. All
	this doesn't matter, since the code never go through this path.

	* crypto_headers.h: Provide glue to compile with less warnings
	with OpenSSL

2006-01-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Depend on LIB_des

	* lock.c: Use "crypto_headers.h".

	* crypto_headers.h: Include the two different implementation of
	crypto headers.

	* cert.c: Use "crypto-headers.h". Load ENGINE configuration.

	* crypto.c: Make compile with both OpenSSL and heimdal libdes.

	* ks_p11.c: Add code for public key decryption (not supported yet)
	and use "crypto-headers.h".


2006-01-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* add a hx509_context where we can store configuration

	* p11.c,Makefile.am: pkcs11 is now supported by library, remove
	old files.

	* ks_p11.c: more paranoid on refcount, set refcounter earlier,
	reset pointers after free

	* collector.c (struct private_key): remove temporary key data
	storage, convert directly to a key
	(match_localkeyid): match certificate and key using localkeyid
	(match_keys): match certificate and key using _hx509_match_keys
	(_hx509_collector_collect): rewrite to use match_keys and
	match_localkeyid

	* crypto.c (_hx509_match_keys): function that determines if a
	private key matches a certificate, used when there is no
	localkeyid.
	(*) reset free pointer

	* ks_file.c: Rewrite to use collector and mapping support
	function.

	* ks_p11.c (rsa_pkcs1_method): constify

	* ks_p11.c: drop extra wrapping of p11_init

	* crypto.c (_hx509_private_key_assign_key_file): use function to
	extract rsa key

	* cert.c: Revert previous, refcounter is unsigned, so it can never
	be negative.

	* cert.c (hx509_cert_ref): more refcount paranoia

	* ks_p11.c: Implement rsa_private_decrypt and add stubs for public
	ditto.

	* ks_p11.c: Less printf, less memory leaks.

	* ks_p11.c: Implement signing using pkcs11.

	* ks_p11.c: Partly assign private key, enough to complete
	collection, but not any crypto functionality.

	* collector.c: Use hx509_private_key to assign private keys.

	* crypto.c: Remove most of the EVP_PKEY code, and use RSA
	directly, this temporary removes DSA support.

	* hxtool.c (print_f): print if there is a friendly name and if
	there is a private key

2006-01-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* name.c: Avoid warning from missing __attribute__((noreturn))

	* lock.c (_hx509_lock_unlock_certs): return unlock certificates

	* crypto.c (_hx509_private_key_assign_ptr): new function, exposes
	EVP_PKEY
	(_hx509_private_key_assign_key_file): remember to free private key
	if there is one.

	* cert.c (_hx509_abort): add newline to output and flush stdout

	* Makefile.am: libhx509_la_SOURCES += collector.c

	* hx_locl.h: forward type declaration of struct hx509_collector.

	* collector.c: Support functions to collect certificates and
	private keys and then match them.

	* ks_p12.c: Use the new hx509_collector support functions.

	* ks_p11.c: Add enough glue to support certificate iteration.

	* test_nist_pkcs12.in: Less verbose.

	* cert.c (hx509_cert_free): if there is a private key associated
	with this cert, free it

	* print.c: Use _hx509_abort.

	* ks_p12.c: Use _hx509_abort.

	* hxtool.c: Use _hx509_abort.

	* crypto.c: Use _hx509_abort.

	* cms.c: Use _hx509_abort.

	* cert.c: Use _hx509_abort.

	* name.c: use _hx509_abort

2006-01-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* name.c (hx509_name_to_string): don't cut bmpString in half.

	* name.c (hx509_name_to_string): don't overwrite with 1 byte with
	bmpString.

	* ks_file.c (parse_certificate): avoid stomping before array

	* name.c (oidtostring): avoid leaking memory

	* keyset.c: Add _hx509_ks_dir_register.

	* Makefile.am (libhx509_la_SOURCES): += ks_dir.c

	* hxtool-commands.in: Remove pkcs11.

	* hxtool.c: Remove pcert_pkcs11.

	* ks_file.c: Factor out certificate parsing code.

	* ks_dir.c: Add new keystore that treats all files in a directory
	a keystore, useful for regression tests.

2005-12-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_nist_pkcs12.in: Test parse PKCS12 files from NIST.

	* data/nist-data: Can handle DSA certificate.

	* hxtool.c: Print error code on failure.

2005-10-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* crypto.c: Support DSA signature operations.

2005-10-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* print.c: Validate that issuerAltName and subjectAltName isn't
	empty.

2005-09-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* p11.c: Cast to unsigned char to avoid warning.

	* keyset.c: Register pkcs11 module.

	* Makefile.am: Add ks_p11.c, install hxtool.

	* ks_p11.c: Starting point of a pkcs11 module.

2005-09-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* lock.c: Implement prompter.

	* hxtool-commands.in: add --content to print

	* hxtool.c: Split verify and print.

	* cms.c: _hx509_pbe_decrypt now takes a hx509_lock.

	* crypto.c: Make _hx509_pbe_decrypt take a hx509_lock, workaround
	for empty password.

	* name.c: Add DC, handle all Directory strings, fix signless
	problems.

2005-09-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_query.in: Pass in --pass to all commands.

	* hxtool.c: Use option --pass.

	* hxtool-commands.in: Add --pass to all commands.

	* hx509_err.et: add UNKNOWN_LOCK_COMMAND and CRYPTO_NO_PROMPTER

	* test_cms.in: pass in password to cms-create-sd

	* crypto.c: Abstract out PBE_string2key so I can add PBE2 s2k
	later. Avoid signedness warnings with OpenSSL.

	* cms.c: Use void * instead of char * for to avoid signedness
	issues

	* cert.c (hx509_cert_get_attribute): remove const, it's not

	* ks_p12.c: Cast size_t to unsigned long when print.

	* name.c: Fix signedness warning.
2473178825Sdfr 2474178825Sdfr * test_query.in: Use echo, the function check isn't defined here. 2475178825Sdfr 2476178825Sdfr2005-08-11 Love H�rnquist �strand <lha@it.su.se> 2477178825Sdfr 2478178825Sdfr * hxtool-commands.in: Add more options that was missing. 2479178825Sdfr 2480178825Sdfr2005-07-28 Love H�rnquist �strand <lha@it.su.se> 2481178825Sdfr 2482178825Sdfr * test_cms.in: Use --certificate= for enveloped/unenvelope. 2483178825Sdfr 2484178825Sdfr * hxtool.c: Use --certificate= for enveloped/unenvelope. Clean 2485178825Sdfr up. 2486178825Sdfr 2487178825Sdfr * test_cms.in: add EnvelopeData tests 2488178825Sdfr 2489178825Sdfr * hxtool.c: use id-envelopedData for ContentInfo 2490178825Sdfr 2491178825Sdfr * hxtool-commands.in: add contentinfo wrapping for create/unwrap 2492178825Sdfr enveloped data 2493178825Sdfr 2494178825Sdfr * hxtool.c: add contentinfo wrapping for create/unwrap enveloped 2495178825Sdfr data 2496178825Sdfr 2497178825Sdfr * data/gen-req.sh: add enveloped data (aes128) 2498178825Sdfr 2499178825Sdfr * crypto.c: add "new" RC2 oid 2500178825Sdfr 2501178825Sdfr2005-07-27 Love H�rnquist �strand <lha@it.su.se> 2502178825Sdfr 2503178825Sdfr * hx_locl.h, cert.c: Add HX509_QUERY_MATCH_FUNCTION that allows 2504178825Sdfr caller to match by function, note that this doesn't not work 2505178825Sdfr directly for backends that implements ->query, they must do their 2506178825Sdfr own processing. 
(I'm running out of flags, only 12 left now) 2507178825Sdfr 2508178825Sdfr * test_cms.in: verify ContentInfo wrapping code in hxtool 2509178825Sdfr 2510178825Sdfr * hxtool-commands.in (cms_create_sd): support wrapping in content 2511178825Sdfr info spelling 2512178825Sdfr 2513178825Sdfr * hxtool.c (cms_create_sd): support wrapping in content info 2514178825Sdfr 2515178825Sdfr * test_cms.in: test more cms signeddata messages 2516178825Sdfr 2517178825Sdfr * data/gen-req.sh: generate SignedData 2518178825Sdfr 2519178825Sdfr * hxtool.c (cms_create_sd): support certificate store, add support 2520178825Sdfr to unwrap a ContentInfo the SignedData inside. 2521178825Sdfr 2522178825Sdfr * crypto.c: sprinkel rk_UNCONST 2523178825Sdfr 2524178825Sdfr * crypto.c: add DER NULL to the digest oid's 2525178825Sdfr 2526178825Sdfr * hxtool-commands.in: add --content-info to cms-verify-sd 2527178825Sdfr 2528178825Sdfr * cms.c (hx509_cms_create_signed_1): pass in a full 2529178825Sdfr AlgorithmIdentifier instead of heim_oid for digest_alg 2530178825Sdfr 2531178825Sdfr * crypto.c: make digest_alg a digest_oid, it's not needed right 2532178825Sdfr now 2533178825Sdfr 2534178825Sdfr * hx509_err.et: add CERT_NOT_FOUND 2535178825Sdfr 2536178825Sdfr * keyset.c (_hx509_certs_find): add error code for cert not 2537178825Sdfr found 2538178825Sdfr 2539178825Sdfr * cms.c (hx509_cms_verify_signed): add external store of 2540178825Sdfr certificates, use the right digest algorithm identifier. 
2541178825Sdfr 2542178825Sdfr * cert.c: fix const warning 2543178825Sdfr 2544178825Sdfr * ks_p12.c: slightly less verbose 2545178825Sdfr 2546178825Sdfr * cert.c: add hx509_cert_find_subjectAltName_otherName, add 2547178825Sdfr HX509_QUERY_MATCH_FRIENDLY_NAME 2548178825Sdfr 2549178825Sdfr * hx509.h: add hx509_octet_string_list, remove bad comment 2550178825Sdfr 2551178825Sdfr * hx_locl.h: add HX509_QUERY_MATCH_FRIENDLY_NAME 2552178825Sdfr 2553178825Sdfr * keyset.c (hx509_certs_append): needs a hx509_lock, add one 2554178825Sdfr 2555178825Sdfr * Makefile.am: add test cases tempfiles to CLEANFILES 2556178825Sdfr 2557178825Sdfr * Makefile.am: add test_query to TESTS, fix dependency on hxtool 2558178825Sdfr sources on hxtool-commands.h 2559178825Sdfr 2560178825Sdfr * hxtool-commands.in: explain what signer is for create-sd 2561178825Sdfr 2562178825Sdfr * hxtool.c: add query, add more options to verify-sd and create-sd 2563178825Sdfr 2564178825Sdfr * test_cms.in: add more cms tests 2565178825Sdfr 2566178825Sdfr * hxtool-commands.in: add query, add more options to verify-sd 2567178825Sdfr 2568178825Sdfr * test_query.in: test query interface 2569178825Sdfr 2570178825Sdfr * data: fix filenames for ds/ke files, add pkcs12 files, regen 2571178825Sdfr 2572178825Sdfr * hxtool.c,Makefile.am,hxtool-commands.in: switch to slc 2573178825Sdfr 2574178825Sdfr2005-07-26 Love H�rnquist �strand <lha@it.su.se> 2575178825Sdfr 2576178825Sdfr * cert.c (hx509_verify_destroy_ctx): add 2577178825Sdfr 2578178825Sdfr * hxtool.c: free hx509_verify_ctx 2579178825Sdfr 2580178825Sdfr * name.c (_hx509_name_ds_cmp): make sure all strings are not equal 2581178825Sdfr 2582178825Sdfr2005-07-25 Love H�rnquist �strand <lha@it.su.se> 2583178825Sdfr 2584178825Sdfr * hxtool.c: return error 2585178825Sdfr 2586178825Sdfr * keyset.c: return errors from iterations 2587178825Sdfr 2588178825Sdfr * test_chain.in: clean up checks 2589178825Sdfr 2590178825Sdfr * ks_file.c (parse_certificate): return errno's not 1 in 
case of 2591178825Sdfr error 2592178825Sdfr 2593178825Sdfr * ks_file.c (file_iter): make sure endpointer is NULL 2594178825Sdfr 2595178825Sdfr * ks_mem.c (mem_iter): follow conversion and return NULL when we 2596178825Sdfr get to the end, not ENOENT. 2597178825Sdfr 2598178825Sdfr * Makefile.am: test_chain depends on hxtool 2599178825Sdfr 2600178825Sdfr * data: test certs that lasts 10 years 2601178825Sdfr 2602178825Sdfr * data/gen-req.sh: script to generate test certs 2603178825Sdfr 2604178825Sdfr * Makefile.am: Add regression tests. 2605178825Sdfr 2606178825Sdfr * data: test certificate and keys 2607178825Sdfr 2608178825Sdfr * test_chain.in: test chain 2609178825Sdfr 2610178825Sdfr * hxtool.c (cms_create_sd): add KU digitalSigature as a 2611178825Sdfr requirement to the query 2612178825Sdfr 2613178825Sdfr * hx_locl.h: add KeyUsage query bits 2614178825Sdfr 2615178825Sdfr * hx509_err.et: add KeyUsage error 2616178825Sdfr 2617178825Sdfr * cms.c: add checks for KeyUsage 2618178825Sdfr 2619178825Sdfr * cert.c: more checks on KeyUsage, allow to query on them too 2620178825Sdfr 2621178825Sdfr2005-07-24 Love H�rnquist �strand <lha@it.su.se> 2622178825Sdfr 2623178825Sdfr * cms.c: Add missing break. 2624178825Sdfr 2625178825Sdfr * hx_locl.h,cms.c,cert.c: allow matching on SubjectKeyId 2626178825Sdfr 2627178825Sdfr * hxtool.c: Use _hx509_map_file, _hx509_unmap_file and 2628178825Sdfr _hx509_write_file. 2629178825Sdfr 2630178825Sdfr * file.c (_hx509_write_file): in case of write error, return errno 2631178825Sdfr 2632178825Sdfr * file.c (_hx509_write_file): add a function that write a data 2633178825Sdfr blob to disk too 2634178825Sdfr 2635178825Sdfr * Fix id-tags 2636178825Sdfr 2637178825Sdfr * Import mostly complete X.509 and CMS library. Handles, PEM, DER, 2638178825Sdfr PKCS12 encoded certicates. Verificate RSA chains and handled 2639178825Sdfr CMS's SignedData, and EnvelopedData. 2640178825Sdfr 2641178825Sdfr 2642