mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00

90 Commits

Author SHA1 Message Date
c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleaned up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
2ca8ad10a1 Made x509parse.c also work with missing hash header files 2013-02-19 13:17:38 +01:00
3497d8c7bf Do not check sig on trust-ca (might not be top) 2012-11-24 11:53:17 +01:00
9a73632fd9 - Merged changesets 1399 up to and including 1415 into 1.2 branch 2012-11-14 12:39:52 +00:00
97872aceb6 - Merged 1397 in branch for 1.2 2012-11-02 12:53:26 +00:00
4a2bd0da0f - Merged fixes 1394 and 1395 from trunk to PolarSSL 1.2 branch 2012-11-02 11:06:08 +00:00
3338b792da - Fixed WIN32 version of x509parse_crtpath() 2012-10-01 21:13:10 +00:00
5c2364c2ba - Moved from unsigned long to uint32_t throughout code 2012-10-01 14:41:15 +00:00
915275ba78 - Revamped x509_verify() and the SSL f_vrfy callback implementations 2012-09-28 07:10:55 +00:00
b00ca42f2a - Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob 2012-09-25 12:10:00 +00:00
94a6796179 - Correctly handle MS certificate's key usage bits 2012-08-23 13:03:52 +00:00
535e97dbab - Better checking for reading over buffer boundaries
- Zeroize altSubjectName chain memory before use
2012-08-23 10:49:55 +00:00
cefb396a77 - Handle empty certificate subject names 2012-06-27 11:51:09 +00:00
e4791f3936 - Bugfix for Windows in cert path handling 2012-06-04 21:29:15 +00:00
8d914583f3 - Added X509 CA Path support 2012-06-04 12:46:42 +00:00
4d2c1243b1 - Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present. 2012-05-10 14:12:46 +00:00
430ffbe564 - Fixed potential heap corruption in x509_name allocation 2012-05-01 08:14:20 +00:00
ad8d354a1a - Updated RFC ref 2012-02-16 15:28:14 +00:00
8afa70dcd5 - Clean Subject Alternative Name data 2012-02-11 18:42:45 +00:00
57b12982b3 - Multi-domain certificates support wildcards as well 2012-02-11 17:38:38 +00:00
a8cd239d6b - Added support for wildcard certificates
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
b15b851d6d - Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket , found by Hugo Leisink) 2012-01-13 13:44:06 +00:00
69e095cc15 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
- As a consequence all error codes that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
- Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
9304880e8a - Fixed correct printing of serial number '00' 2011-12-05 14:38:06 +00:00
c8ffbe7706 - Corrected removal of leading '00:' in printing serial numbers in certificates and CRLs 2011-12-05 14:22:49 +00:00
4f229e5d83 - Fixed define for Windows time functions 2011-12-04 22:11:35 +00:00
6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
03c7c25243 - * If certificate serial is longer than 32 octets, serial number is now appended with '....' after first 28 octets 2011-11-25 12:37:37 +00:00
cce9d77745 - Lots of minimal changes to better support WINCE as a build target 2011-11-18 14:26:47 +00:00
cebdf17159 - Allowed X509 key usage parsing to accept 4 byte values instead of the standard 1 byte version sometimes used by Microsoft. (Closes ticket ) 2011-11-11 15:01:31 +00:00
efc302964c - Extracted ASN.1 parsing code from the X.509 parsing code. Added new module. 2011-11-10 14:43:23 +00:00
2a1c5f5382 - Minor code cleanup 2011-10-19 14:15:17 +00:00
fae618fa8b - Updated tests to reflect recent changes 2011-10-12 11:53:52 +00:00
b5a11ab80b - Added a separate CRL entry extension parsing function 2011-10-12 09:58:41 +00:00
fbc09f3cb6 - Added an EXPLICIT tag number parameter to x509_get_ext() 2011-10-12 09:56:41 +00:00
3329d1f805 - Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag before version numbers 2011-10-12 09:55:01 +00:00
c4909d95f1 - Increased maximum size of ASN1 length reads to 32-bits 2011-10-12 09:52:22 +00:00
5c721f98fd - Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL
- Minor Fix in ASN.1 comments of PrivateKeyInfo
2011-07-27 16:51:09 +00:00
ed56b224de - Added support for PKCS#8 wrapper on reading private keys (Fixes ticket ) 2011-07-13 11:26:43 +00:00
684ddce18c - Minor fix to remove compiler warnings for ARMCC 2011-07-01 09:25:54 +00:00
27fdf46d16 - Removed deprecated casts to int for now unsigned values 2011-06-09 13:55:13 +00:00
5690efccc4 - Fixed a whole bunch of dependencies on defines between files, examples and tests 2011-05-26 13:16:06 +00:00
9d781407bc - An error_strerror() function has been added to translate between error codes and their description.
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
- Descriptions to all error codes have been added.
- Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00
335db3f121 - Functions requiring File System functions can now be disabled by undefining POLARSSL_FS_IO 2011-04-25 15:28:35 +00:00
f4f6968a86 - Improved compile-time compatibility with mingw32 64-bit versions 2011-04-24 16:08:12 +00:00
23986e5d5d - Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops 2011-04-24 08:57:21 +00:00
eaa89f8366 - Do not depend on dhm code if POLARSSL_DHM_C not defined 2011-04-04 21:36:15 +00:00
66b78b2d16 - Added missing rsa_init() call in x509parse_self_test() 2011-03-25 14:22:50 +00:00
53019ae6f7 - RSASSA-PSS verification now properly handles salt lengths other than hlen 2011-03-25 13:58:48 +00:00
400ff6f0fd - Corrected parsing of UTCTime dates before 1990 and after 1950
- Support more exotic OID's when parsing certificates
- Support more exotic name representations when parsing certificates
- Replaced the expired test certificates
2011-02-20 10:40:16 +00:00