Commit graph

145 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 93080dfacf Fix missing check for RSA key length on EE certs
- also adapt tests to use lesser requirement for compatibility with old
  testing material
2015-10-28 13:22:32 +01:00
Manuel Pégourié-Gonnard fdbdd72b8b Skip to trusted certs early in the chain
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

closes #220
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard 560fea3767 Add tests for verify callback
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard 052d10c9d5 Accept a trailing space at end of PEM lines
With certs being copy-pasted from webmails and all, this will probably become
more and more common.

closes #226
2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard 655a964539 Adapt check_key_usage to new weird bits 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard 9a702255f4 Add parsing/printing for new X.509 keyUsage flags 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard d5f38b045d Fix dependencies on time on x509 test suite 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard cbb1f6e5cb Implement cert profile checking 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard 9505164ef4 Create cert profile API (unimplemented yet) 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard bc7bbbc85a Remove duplicated tests for x509_verify_info() 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard c730ed3f2d Rename boolean functions to be clearer 2015-06-02 10:38:50 +01:00
Manuel Pégourié-Gonnard e6028c93f5 Fix some X509 macro names
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard e75fa70b36 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Make results of (ext)KeyUsage accessible
  Use x509_crt_verify_info() in programs
  Add x509_crt_verify_info()

Conflicts:
	ChangeLog
	include/mbedtls/x509_crt.h
	include/polarssl/ssl.h
	include/polarssl/x509.h
	library/ssl_srv.c
	library/ssl_tls.c
	library/x509_crt.c
	programs/ssl/ssl_client1.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_mail_client.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
	tests/ssl-opt.sh
	tests/suites/test_suite_x509parse.function
2015-04-20 11:51:34 +01:00
Manuel Pégourié-Gonnard b5f48ad82f manually merge 39a183a add x509_crt_verify_info() 2015-04-20 11:22:57 +01:00
Manuel Pégourié-Gonnard 39a183a629 Add x509_crt_verify_info() 2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard 2cf5a7c98e The Great Renaming
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard 932e3934bd Fix typos & Co 2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard 39ead3ef2f Add test certificate for bitstring in DN 2015-03-27 13:11:33 +01:00
Manuel Pégourié-Gonnard 555fbf8758 Support composite RDNs in X.509 certs parsing 2015-02-04 17:11:55 +00:00
Manuel Pégourié-Gonnard 5c2aa10c15 Fix curve dependency issues in X.509 test suite 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard 57a5d60abb Add tests for concatenated CRLs 2014-11-19 16:08:34 +01:00
Manuel Pégourié-Gonnard 8a5e3d4a40 Forbid repeated X.509 extensions 2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard b134060f90 Fix memory leak with crafted X.509 certs 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard 0369a5291b Fix uninitialised pointer dereference 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard 9c911da68f Add tests for X.509 name encoding mismatch 2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard 5d8618539f Fix memory leak while parsing some X.509 certs 2014-10-17 12:41:41 +02:00
Paul Bakker 5a5fa92bfe x509_crt_parse() did not increase total_failed on PEM error
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
Paul Bakker d153ef335f Missing dependencies on POLARSSL_ECP_C fixed 2014-08-18 12:00:28 +02:00
Paul Bakker 237a847f1c Fix typos in comments 2014-06-25 14:45:24 +02:00
Manuel Pégourié-Gonnard d249b7ab9a Restore ability to trust non-CA selfsigned EE cert 2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard c4eff16516 Restore ability to use v1 CA if trusted locally 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard d77cd5d0c3 Add tests for x509_csr_parse 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard 5873b00b7f Add pathological RSASSA-PSS test certificates
Certificates announcing different PSS options than the ones actually used for
the signature. Makes sure the options are correctly passed to the verification
function.
2014-06-07 11:21:52 +02:00
Manuel Pégourié-Gonnard 97049c26d8 Add forgotten depends in test 2014-06-06 17:00:03 +02:00
Manuel Pégourié-Gonnard d1539b1e88 Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT 2014-06-06 16:42:37 +02:00
Manuel Pégourié-Gonnard 854036956d Add tests for x509 rsassa_pss params parsing 2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard eacccb7fb9 Add RSASSA-PSS certificate with all defaults 2014-06-05 18:00:08 +02:00
Manuel Pégourié-Gonnard 53882023e7 Also verify CRLs signed with RSASSA-PSS 2014-06-05 17:59:55 +02:00
Manuel Pégourié-Gonnard 920e1cd5e2 Add basic PSS cert verification
Still todo:
- handle MGF-hash != sign-hash
- check effective salt len == announced salt len
- add support in the PK layer so that we don't have to bypass it here
2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard 78117d57b0 Consider trailerField a constant 2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard 39868ee301 Parse CSRs signed with RSASSA-PSS 2014-06-02 16:10:30 +02:00
Manuel Pégourié-Gonnard 2a8d7fd76e Add tests for parsing CSRs 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard 8e42ff6bde Parse CRLs signed with RSASSA-PSS 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard 9df5c96214 Fix dependencies 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard e76b750b69 Finish parsing RSASSA-PSS parameters 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard f346bab139 Start parsing RSASSA-PSS parameters 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard 59a75d5b9d Basic parsing of certs signed with RSASSA-PSS 2014-06-02 16:10:29 +02:00
Paul Bakker 1ebc0c592c Fix typos 2014-05-22 15:47:58 +02:00
Paul Bakker 4cdb4d9bb7 X509 time-related tests depend on POLARSSL_HAVE_TIME 2014-05-22 14:22:59 +02:00
Manuel Pégourié-Gonnard 3d41370645 Fix hash dependencies in X.509 tests 2014-04-29 15:29:41 +02:00