aboutsummaryrefslogtreecommitdiff
path: root/src/crypto
AgeCommit message (Expand)AuthorFilesLines
2014-04-01[crypto] Allow wildcard matches on commonName as well as subjectAltNameMichael Brown1-10/+8
2014-03-31[crypto] Add support for subjectAltName and wildcard certificatesMichael Brown1-8/+132
2014-03-30[crypto] Allow signed timestamp error margin to be configured at build timeMichael Brown2-4/+6
2014-03-28[crypto] Use fingerprint when no common name is available for debug messagesMichael Brown1-4/+14
2014-03-28[crypto] Generalise X.509 cache to a full certificate storeMichael Brown5-238/+437
2014-03-27[crypto] Add pubkey_match() to check for matching public/private key pairsMichael Brown1-26/+89
2014-03-25[crypto] Remove dynamically-allocated storage for certificate OCSP URIMichael Brown2-33/+17
2014-03-25[crypto] Remove dynamically-allocated storage for certificate nameMichael Brown3-96/+134
2014-03-25[ocsp] Handle OCSP responses that don't provide certificatesAlexander Chernyakhovsky1-2/+7
2014-02-27[uri] Refactor URI parsing and formattingMichael Brown1-31/+31
2014-01-12[deflate] Fix literal data length calculationMichael Brown1-1/+1
2014-01-06[deflate] Add support for DEFLATE decompressionMichael Brown1-0/+1045
2013-12-05[settings] Force settings into alphabetical order within sectionsMichael Brown2-3/+3
2013-12-05[settings] Explicitly separate the concept of a completed fetched settingMichael Brown2-6/+6
2013-07-19[settings] Change "not-found" semantics of fetch_setting_copy()Michael Brown2-33/+6
2013-05-29[crypto] Accept OCSP responses containing multiple certificatesMichael Brown1-13/+132
2013-05-10[crypto] Report meaningful error when certificate chain validation failsMichael Brown1-7/+5
2013-04-19[libc] Use __einfo() tuple as first argument to EUNIQ()Michael Brown1-1/+1
2012-09-27[crypto] Allow in-place CBC decryptionMichael Brown1-1/+3
2012-07-20[legal] Update FSF mailing address in GPL licence textsMichael Brown26-26/+52
2012-07-09[arp] Try to avoid discarding ARP cache entriesMichael Brown1-1/+1
2012-06-20[crypto] Allow an error margin on X.509 certificate validity periodsMichael Brown2-4/+4
2012-05-22[crypto] Rename KEY= to PRIVKEY= and "key" to "privkey"Michael Brown1-3/+3
2012-05-22[crypto] Require OCSP check if certificate provides an OCSP URIMichael Brown1-0/+12
2012-05-21[crypto] Construct OCSP check URIMichael Brown1-0/+74
2012-05-21[crypto] Fix margin of error for OCSP checksMichael Brown1-2/+2
2012-05-21[crypto] Return a NULL OCSP check if construction failsMichael Brown1-0/+1
2012-05-21[crypto] Return a NULL X.509 certificate if construction failsMichael Brown1-0/+1
2012-05-21[crypto] Accept UTCTime/GeneralizedTime with no "seconds" fieldMichael Brown1-0/+6
2012-05-15[crypto] Add framework for OCSPMichael Brown2-3/+752
2012-05-14[crypto] Add functions for constructing ASN.1 objectsMichael Brown1-0/+139
2012-05-14[crypto] Parse OCSPSigning key purpose, if presentMichael Brown1-0/+8
2012-05-14[crypto] Generalise x509_parse_bit_string() to asn1_bit_string()Michael Brown3-105/+108
2012-05-14[crypto] Generalise asn1_{digest,pubkey,signature}_algorithm()Michael Brown3-106/+129
2012-05-14[crypto] Generalise x509_parse_time() to asn1_generalized_time()Michael Brown2-116/+123
2012-05-14[crypto] Parse X.509 raw public key bit stringMichael Brown1-2/+8
2012-05-09[crypto] Reduce standard debugging outputMichael Brown1-47/+49
2012-05-08[crypto] Add x509_auto_append()Michael Brown2-41/+79
2012-05-08[crypto] Add x509_append_raw()Michael Brown2-21/+38
2012-05-08[crypto] Check that common name contains no NUL charactersMichael Brown1-0/+9
2012-05-08[crypto] Allow for X.509 certificates with no common nameMichael Brown2-4/+5
2012-05-04[crypto] Allow certificate chains to be long-lived data structuresMichael Brown2-225/+636
2012-05-04[crypto] Fix memory leak in cms_verify_digest()Michael Brown1-1/+2
2012-05-04[crypto] Parse OCSP responder URI from X.509 certificateMichael Brown1-6/+142
2012-04-24[crypto] Do not allow build-time cryptography settings to be overriddenMichael Brown2-63/+101
2012-04-24[crypto] Allow client certificate to be changed without a rebuildMichael Brown1-9/+92
2012-04-19[crypto] Allow trusted root certificate to be changed without a rebuildMichael Brown1-1/+64
2012-04-10[crypto] Fix wrong setup in function aes_wrapStefan Weil1-1/+1
2012-03-27[crypto] Add an explicit "RSA signature incorrect" error messageMichael Brown1-1/+7
2012-03-26[crypto] Disambiguate all CMS errorsMichael Brown1-5/+26