Janos Follath
189c743d3e
Added test case for pathlen constrains in intermediate certificates
...
backport of 822b2c3
2015-10-28 18:15:48 +01:00
Manuel Pégourié-Gonnard
8f63e95dae
Fix typos that made tests be skipped
2015-09-01 18:44:47 +02:00
Manuel Pégourié-Gonnard
1c38550bbd
Skip to trusted certs early in the chain
...
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).
see #220
backport of fdbdd72
2015-09-01 18:34:15 +02:00
Manuel Pégourié-Gonnard
15f1088ef6
Add tests for verify callback
...
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
backport of 560fea3
2015-09-01 18:29:59 +02:00
Manuel Pégourié-Gonnard
b5d77d3fd9
Accept a trailing space at end of PEM lines
...
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
2015-08-10 12:01:50 +02:00
Manuel Pégourié-Gonnard
39a183a629
Add x509_crt_verify_info()
2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard
39ead3ef2f
Add test certificate for bitstring in DN
2015-03-27 13:11:33 +01:00
Manuel Pégourié-Gonnard
555fbf8758
Support composite RDNs in X.509 certs parsing
2015-02-04 17:11:55 +00:00
Manuel Pégourié-Gonnard
5c2aa10c15
Fix curve dependency issues in X.509 test suite
2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard
57a5d60abb
Add tests for concatenated CRLs
2014-11-19 16:08:34 +01:00
Manuel Pégourié-Gonnard
8a5e3d4a40
Forbid repeated X.509 extensions
2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard
b134060f90
Fix memory leak with crafted X.509 certs
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
0369a5291b
Fix uninitialised pointer dereference
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
9c911da68f
Add tests for X.509 name encoding mismatch
2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard
5d8618539f
Fix memory leak while parsing some X.509 certs
2014-10-17 12:41:41 +02:00
Paul Bakker
5a5fa92bfe
x509_crt_parse() did not increase total_failed on PEM error
...
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
Paul Bakker
d153ef335f
Missing dependencies on POLARSSL_ECP_C fixed
2014-08-18 12:00:28 +02:00
Paul Bakker
237a847f1c
Fix typos in comments
2014-06-25 14:45:24 +02:00
Manuel Pégourié-Gonnard
d249b7ab9a
Restore ability to trust non-CA selfsigned EE cert
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
c4eff16516
Restore ability to use v1 CA if trusted locally
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
d77cd5d0c3
Add tests for x509_csr_parse
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
5873b00b7f
Add pathological RSASSA-PSS test certificates
...
Certificates announcing different PSS options than the ones actually used for
the signature. Makes sure the options are correctly passed to the verification
function.
2014-06-07 11:21:52 +02:00
Manuel Pégourié-Gonnard
97049c26d8
Add forgotten depends in test
2014-06-06 17:00:03 +02:00
Manuel Pégourié-Gonnard
d1539b1e88
Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT
2014-06-06 16:42:37 +02:00
Manuel Pégourié-Gonnard
854036956d
Add tests for x509 rsassa_pss params parsing
2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
eacccb7fb9
Add RSASSA-PSS certificate with all defaults
2014-06-05 18:00:08 +02:00
Manuel Pégourié-Gonnard
53882023e7
Also verify CRLs signed with RSASSA-PSS
2014-06-05 17:59:55 +02:00
Manuel Pégourié-Gonnard
920e1cd5e2
Add basic PSS cert verification
...
Still todo:
- handle MGF-hash != sign-hash
- check effective salt len == announced salt len
- add support in the PK layer so that we don't have to bypass it here
2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard
78117d57b0
Consider trailerField a constant
2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard
39868ee301
Parse CSRs signed with RSASSA-PSS
2014-06-02 16:10:30 +02:00
Manuel Pégourié-Gonnard
2a8d7fd76e
Add tests for parsing CSRs
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
8e42ff6bde
Parse CRLs signed with RSASSA-PSS
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
9df5c96214
Fix dependencies
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
e76b750b69
Finish parsing RSASSA-PSS parameters
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
f346bab139
Start parsing RSASSA-PSS parameters
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
59a75d5b9d
Basic parsing of certs signed with RSASSA-PSS
2014-06-02 16:10:29 +02:00
Paul Bakker
1ebc0c592c
Fix typos
2014-05-22 15:47:58 +02:00
Paul Bakker
4cdb4d9bb7
X509 time-related tests depend on POLARSSL_HAVE_TIME
2014-05-22 14:22:59 +02:00
Manuel Pégourié-Gonnard
3d41370645
Fix hash dependencies in X.509 tests
2014-04-29 15:29:41 +02:00
Manuel Pégourié-Gonnard
edc81ff8c2
Fix some more curve depends in X.509 tests
2014-04-29 15:10:40 +02:00
Manuel Pégourié-Gonnard
ec4d27398a
Fix curve dependencies in *keyusage tests
2014-04-29 15:06:41 +02:00
Paul Bakker
b6487dade9
Fixed result for test case in test_suite_x509parse
2014-04-17 16:04:33 +02:00
Manuel Pégourié-Gonnard
add05d7125
Fix some dependency declarations in X.509 tests
2014-04-11 11:12:40 +02:00
Manuel Pégourié-Gonnard
7afb8a0dca
Add x509_crt_check_extended_key_usage()
2014-04-11 11:09:00 +02:00
Manuel Pégourié-Gonnard
99d4f19111
Add keyUsage checking for CAs
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
603116c570
Add x509_crt_check_key_usage()
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
7afdb88216
Test and fix x509_oid functions
2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard
7b30cfc5b0
x509_crt_info() list output cosmectics
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
f6f4ab40d3
Print extended key usage in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
65c2ddc318
Print key_usage in x509_crt_info()
2014-04-04 14:01:39 +02:00