Commit graph

177 commits

Author SHA1 Message Date
Paul Bakker e4791f3936 - Bugfix for Windows in cert path handling 2012-06-04 21:29:15 +00:00
Paul Bakker 8d914583f3 - Added X509 CA Path support 2012-06-04 12:46:42 +00:00
Paul Bakker 4d2c1243b1 - Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present. 2012-05-10 14:12:46 +00:00
Paul Bakker 430ffbe564 - Fixed potential heap corruption in x509_name allocation 2012-05-01 08:14:20 +00:00
Paul Bakker ad8d354a1a - Updated RFC ref 2012-02-16 15:28:14 +00:00
Paul Bakker 8afa70dcd5 - Clean Subject Alternative Name data 2012-02-11 18:42:45 +00:00
Paul Bakker 57b12982b3 - Multi-domain certificates support wildcards as well 2012-02-11 17:38:38 +00:00
Paul Bakker a8cd239d6b - Added support for wildcard certificates
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker b15b851d6d - Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47, found by Hugo Leisink) 2012-01-13 13:44:06 +00:00
Paul Bakker 69e095cc15 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker 9304880e8a - Fixed correct printing of serial number '00' 2011-12-05 14:38:06 +00:00
Paul Bakker c8ffbe7706 - Corrected removal of leading '00:' in printing serial numbers in certificates and CRLs 2011-12-05 14:22:49 +00:00
Paul Bakker 4f229e5d83 - Fixed define for Windows time functions 2011-12-04 22:11:35 +00:00
Paul Bakker 6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
Paul Bakker 03c7c25243 - * If certificate serial is longer than 32 octets, serial number is now appended with '....' after first 28 octets 2011-11-25 12:37:37 +00:00
Paul Bakker cce9d77745 - Lots of minimal changes to better support WINCE as a build target 2011-11-18 14:26:47 +00:00
Paul Bakker cebdf17159 - Allowed X509 key usage parsing to accept 4 byte values instead of the standard 1 byte version sometimes used by Microsoft. (Closes ticket #38) 2011-11-11 15:01:31 +00:00
Paul Bakker efc302964c - Extracted ASN.1 parsing code from the X.509 parsing code. Added new module. 2011-11-10 14:43:23 +00:00
Paul Bakker 2a1c5f5382 - Minor code cleanup 2011-10-19 14:15:17 +00:00
Paul Bakker fae618fa8b - Updated tests to reflect recent changes 2011-10-12 11:53:52 +00:00
Paul Bakker b5a11ab80b - Added a separate CRL entry extension parsing function 2011-10-12 09:58:41 +00:00
Paul Bakker fbc09f3cb6 - Added an EXPLICIT tag number parameter to x509_get_ext() 2011-10-12 09:56:41 +00:00
Paul Bakker 3329d1f805 - Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag before version numbers 2011-10-12 09:55:01 +00:00
Paul Bakker c4909d95f1 - Inceased maximum size of ASN1 length reads to 32-bits 2011-10-12 09:52:22 +00:00
Paul Bakker 5c721f98fd - Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL
- Minor Fix in ASN.1 comments of PrivateKeyInfo
2011-07-27 16:51:09 +00:00
Paul Bakker ed56b224de - Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20) 2011-07-13 11:26:43 +00:00
Paul Bakker 684ddce18c - Minor fixer to remove compiler warnings for ARMCC 2011-07-01 09:25:54 +00:00
Paul Bakker 27fdf46d16 - Removed deprecated casts to int for now unsigned values 2011-06-09 13:55:13 +00:00
Paul Bakker 5690efccc4 - Fixed a whole bunch of dependencies on defines between files, examples and tests 2011-05-26 13:16:06 +00:00
Paul Bakker 9d781407bc - A error_strerror function() has been added to translate between error codes and their description.
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
 - Descriptions to all error codes have been added.
 - Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00
Paul Bakker 335db3f121 - Functions requiring File System functions can now be disables by undefining POLARSSL_FS_IO 2011-04-25 15:28:35 +00:00
Paul Bakker f4f6968a86 - Improved compile-time compatibility with mingw32 64-bit versions 2011-04-24 16:08:12 +00:00
Paul Bakker 23986e5d5d - Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops 2011-04-24 08:57:21 +00:00
Paul Bakker eaa89f8366 - Do not depend on dhm code if POLARSSL_DHM_C not defined 2011-04-04 21:36:15 +00:00
Paul Bakker 66b78b2d16 - Added missing rsa_init() call in x509parse_self_test() 2011-03-25 14:22:50 +00:00
Paul Bakker 53019ae6f7 - RSASSA-PSS verification now properly handles salt lengths other than hlen 2011-03-25 13:58:48 +00:00
Paul Bakker 400ff6f0fd - Corrected parsing of UTCTime dates before 1990 and after 1950
- Support more exotic OID's when parsing certificates
 - Support more exotic name representations when parsing certificates
 - Replaced the expired test certificates
2011-02-20 10:40:16 +00:00
Paul Bakker 96743fc5f5 - Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5)
 - Added tests for encrypted keyfiles
2011-02-12 14:30:57 +00:00
Paul Bakker d61e7d98cb - Cleaned up warning-generating code 2011-01-18 16:17:47 +00:00
Paul Bakker 0f5f72e949 - Fixed doxygen syntax to standard '\' instead of '@' 2011-01-18 14:58:55 +00:00
Paul Bakker 3cccddb238 - Fixed identification of non-critical CA certificates 2011-01-16 21:46:31 +00:00
Paul Bakker b619499eb3 - x509parse_time_expired() checks time now in addition to the existing date check 2011-01-16 21:40:22 +00:00
Paul Bakker a056efc8f9 - Fixed serial length check 2011-01-16 21:38:35 +00:00
Paul Bakker dd47699ba5 - Moved storing of a printable serial into a separate function 2011-01-16 21:34:59 +00:00
Paul Bakker 76fd75a3de - Improved certificate validation and validation against the available CRLs 2011-01-16 21:12:10 +00:00
Paul Bakker 74111d30b7 - Improved X509 certificate parsing to include extended certificate fields, such as Key Usage 2011-01-15 16:57:55 +00:00
Paul Bakker b63b0afc05 - Added verification callback in certificate verification chain in order to allow external blacklisting 2011-01-13 17:54:59 +00:00
Paul Bakker 1b57b06751 - Added reading of DHM context from memory and file 2011-01-06 15:48:19 +00:00
Paul Bakker b96f154e51 - Fixed copyright message 2010-07-18 20:36:00 +00:00
Paul Bakker 84f12b76fc - Updated Copyright to correct entity 2010-07-18 10:13:04 +00:00
Paul Bakker fc8c4360b8 - Updated copyright line to 2010 2010-03-21 17:37:16 +00:00
Paul Bakker 1f3c39c194 - Removed copyright line for Christophe Devine for clarity 2010-03-21 17:30:05 +00:00
Paul Bakker 27d661657b - Added x509_get_sig_alg() to allow easy future X509 signature algorithm determination expansion 2010-03-17 06:56:01 +00:00
Paul Bakker ff60ee6c2a - Added const-correctness to main codebase 2010-03-16 21:09:09 +00:00
Paul Bakker 9120018f3d - Added support for GeneralizedTime in X509 certificates 2010-02-18 21:26:15 +00:00
Paul Bakker fe1aea7877 - Fixed typo in MD4 define 2009-10-03 20:09:14 +00:00
Paul Bakker de4d2eae95 - Added handling of missing POLARSSL_MD5_C define and POLARSSL_SHA1_c define 2009-10-03 19:58:52 +00:00
Paul Bakker 77b385e91a - Updated copyright messages on all relevant files 2009-07-28 17:23:11 +00:00
Paul Bakker c6ce838d8f - Better handling of extension parsing 2009-07-27 21:34:45 +00:00
Paul Bakker 9be19375e5 - Fill base data for x509_crl_entry in CRL correctly
- Internal structure of sequences is not optional anymore (as per RFC)
 - nextUpdate handles optionality correct if no revokedCertificates are present.
 - x509parse_crl_info handles the case of no entries correctly
2009-07-27 20:21:53 +00:00
Paul Bakker 635f4b4cf9 - Updated error check on optional nextUpdate in CRL 2009-07-20 20:34:41 +00:00
Paul Bakker 1e27bb24bc - Added newline at end of CRL info 2009-07-19 20:25:25 +00:00
Paul Bakker 1973e4c582 - Fixed selftest of X509parse code 2009-07-10 22:32:40 +00:00
Paul Bakker 40ea7de46d - Added CRL revocation support to x509parse_verify()
- Fixed an off-by-one allocation in ssl_set_hostname()
 - Added CRL support to SSL/TLS code
2009-05-03 10:18:48 +00:00
Paul Bakker 7d06ad2b52 - Fixed formatting 2009-05-02 15:53:56 +00:00
Paul Bakker d98030e7d6 - Added prelimenary CRL parsing and info support 2009-05-02 15:13:40 +00:00
Paul Bakker 2b245ebd9f - Moved file loading to load_file 2009-04-19 18:44:26 +00:00
Paul Bakker 7c6d4a4e6b - Fixed new logic on certificate chains in x509parse_verify() 2009-03-28 20:35:47 +00:00
Paul Bakker e9581d66b0 - Fixed logic error on end of 'full' chain 2009-03-28 20:29:25 +00:00
Paul Bakker 320a4b59a8 - Added input handling for x509parse_crt()
- Prevented memory leak by only adding new certificate if needed in x509parse_crt()
 - Add certificate before parsing if chain is 'full' in x509parse_crt()
2009-03-28 18:52:39 +00:00
Paul Bakker 026c03b7f4 - Made changes for better compatibility with old-style C compilers 2009-03-28 17:53:03 +00:00
Paul Bakker 4593aeadaf - Added support for RFC4055 SHA2 and SHA4 signature algorithms for
use with PKCS#1 v1.5 signing and verification.
 - Added extra certificates to test-ca and test code to further test
   functionality of SHA2 and SHA4 signing and verification.
 - Updated other program files accordingly
2009-02-09 22:32:35 +00:00
Paul Bakker 3681b118ec - Enlarged debug buffer to facilitate long certificate values and filenames 2009-02-07 17:14:21 +00:00
Paul Bakker 785a9eeece - Added email address to header license information 2009-01-25 14:15:10 +00:00
Paul Bakker e0ccd0a7c3 - Updated Copyright notices 2009-01-04 16:27:10 +00:00
Paul Bakker 40e46940df - First replacement of xyssl by polarssl where needed 2009-01-03 21:51:57 +00:00
Paul Bakker 5121ce5bdb - Renamed include directory to polarssl 2009-01-03 21:22:43 +00:00