Paul Bakker
915275ba78
- Revamped x509_verify() and the SSL f_vrfy callback implementations
2012-09-28 07:10:55 +00:00
Paul Bakker
b00ca42f2a
- Handle existence of OpenSSL Trust Extensions at end of X.509 DER blob
2012-09-25 12:10:00 +00:00
Paul Bakker
94a6796179
- Correctly handle MS certificate's key usage bits
2012-08-23 13:03:52 +00:00
Paul Bakker
535e97dbab
- Better checking for reading over buffer boundaries
...
- Zeroize altSubjectName chain memory before use
2012-08-23 10:49:55 +00:00
Paul Bakker
cefb396a77
- Handle empty certificate subject names
2012-06-27 11:51:09 +00:00
Paul Bakker
e4791f3936
- Bugfix for Windows in cert path handling
2012-06-04 21:29:15 +00:00
Paul Bakker
8d914583f3
- Added X509 CA Path support
2012-06-04 12:46:42 +00:00
Paul Bakker
4d2c1243b1
- Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present.
2012-05-10 14:12:46 +00:00
Paul Bakker
430ffbe564
- Fixed potential heap corruption in x509_name allocation
2012-05-01 08:14:20 +00:00
Paul Bakker
ad8d354a1a
- Updated RFC ref
2012-02-16 15:28:14 +00:00
Paul Bakker
8afa70dcd5
- Clean Subject Alternative Name data
2012-02-11 18:42:45 +00:00
Paul Bakker
57b12982b3
- Multi-domain certificates support wildcards as well
2012-02-11 17:38:38 +00:00
Paul Bakker
a8cd239d6b
- Added support for wildcard certificates
...
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker
b15b851d6d
- Check for failed malloc() in ssl_set_hostname() and x509_get_entries() (Closes ticket #47 , found by Hugo Leisink)
2012-01-13 13:44:06 +00:00
Paul Bakker
69e095cc15
- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
...
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
- Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
9304880e8a
- Fixed correct printing of serial number '00'
2011-12-05 14:38:06 +00:00
Paul Bakker
c8ffbe7706
- Corrected removal of leading '00:' in printing serial numbers in certificates and CRLs
2011-12-05 14:22:49 +00:00
Paul Bakker
4f229e5d83
- Fixed define for Windows time functions
2011-12-04 22:11:35 +00:00
Paul Bakker
6c0ceb3f9a
- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error
2011-12-04 12:24:18 +00:00
Paul Bakker
03c7c25243
- * If certificate serial is longer than 32 octets, serial number is now appended with '....' after first 28 octets
2011-11-25 12:37:37 +00:00
Paul Bakker
cce9d77745
- Lots of minimal changes to better support WINCE as a build target
2011-11-18 14:26:47 +00:00
Paul Bakker
cebdf17159
- Allowed X509 key usage parsing to accept 4 byte values instead of the standard 1 byte version sometimes used by Microsoft. (Closes ticket #38 )
2011-11-11 15:01:31 +00:00
Paul Bakker
efc302964c
- Extracted ASN.1 parsing code from the X.509 parsing code. Added new module.
2011-11-10 14:43:23 +00:00
Paul Bakker
2a1c5f5382
- Minor code cleanup
2011-10-19 14:15:17 +00:00
Paul Bakker
fae618fa8b
- Updated tests to reflect recent changes
2011-10-12 11:53:52 +00:00
Paul Bakker
b5a11ab80b
- Added a separate CRL entry extension parsing function
2011-10-12 09:58:41 +00:00
Paul Bakker
fbc09f3cb6
- Added an EXPLICIT tag number parameter to x509_get_ext()
2011-10-12 09:56:41 +00:00
Paul Bakker
3329d1f805
- Fixed a bug where the CRL parser expected an EXPLICIT ASN.1 tag before version numbers
2011-10-12 09:55:01 +00:00
Paul Bakker
c4909d95f1
- Inceased maximum size of ASN1 length reads to 32-bits
2011-10-12 09:52:22 +00:00
Paul Bakker
5c721f98fd
- Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL
...
- Minor Fix in ASN.1 comments of PrivateKeyInfo
2011-07-27 16:51:09 +00:00
Paul Bakker
ed56b224de
- Added support for PKCS#8 wrapper on reading private keys (Fixes ticket #20 )
2011-07-13 11:26:43 +00:00
Paul Bakker
684ddce18c
- Minor fixer to remove compiler warnings for ARMCC
2011-07-01 09:25:54 +00:00
Paul Bakker
27fdf46d16
- Removed deprecated casts to int for now unsigned values
2011-06-09 13:55:13 +00:00
Paul Bakker
5690efccc4
- Fixed a whole bunch of dependencies on defines between files, examples and tests
2011-05-26 13:16:06 +00:00
Paul Bakker
9d781407bc
- A error_strerror function() has been added to translate between error codes and their description.
...
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
- Descriptions to all error codes have been added.
- Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00
Paul Bakker
335db3f121
- Functions requiring File System functions can now be disables by undefining POLARSSL_FS_IO
2011-04-25 15:28:35 +00:00
Paul Bakker
f4f6968a86
- Improved compile-time compatibility with mingw32 64-bit versions
2011-04-24 16:08:12 +00:00
Paul Bakker
23986e5d5d
- Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops
2011-04-24 08:57:21 +00:00
Paul Bakker
eaa89f8366
- Do not depend on dhm code if POLARSSL_DHM_C not defined
2011-04-04 21:36:15 +00:00
Paul Bakker
66b78b2d16
- Added missing rsa_init() call in x509parse_self_test()
2011-03-25 14:22:50 +00:00
Paul Bakker
53019ae6f7
- RSASSA-PSS verification now properly handles salt lengths other than hlen
2011-03-25 13:58:48 +00:00
Paul Bakker
400ff6f0fd
- Corrected parsing of UTCTime dates before 1990 and after 1950
...
- Support more exotic OID's when parsing certificates
- Support more exotic name representations when parsing certificates
- Replaced the expired test certificates
2011-02-20 10:40:16 +00:00
Paul Bakker
96743fc5f5
- Parsing of PEM files moved to separate module (Fixes ticket #13 ). Also possible to remove PEM support for systems only using DER encoding
...
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5 )
- Added tests for encrypted keyfiles
2011-02-12 14:30:57 +00:00
Paul Bakker
d61e7d98cb
- Cleaned up warning-generating code
2011-01-18 16:17:47 +00:00
Paul Bakker
0f5f72e949
- Fixed doxygen syntax to standard '\' instead of '@'
2011-01-18 14:58:55 +00:00
Paul Bakker
3cccddb238
- Fixed identification of non-critical CA certificates
2011-01-16 21:46:31 +00:00
Paul Bakker
b619499eb3
- x509parse_time_expired() checks time now in addition to the existing date check
2011-01-16 21:40:22 +00:00
Paul Bakker
a056efc8f9
- Fixed serial length check
2011-01-16 21:38:35 +00:00
Paul Bakker
dd47699ba5
- Moved storing of a printable serial into a separate function
2011-01-16 21:34:59 +00:00
Paul Bakker
76fd75a3de
- Improved certificate validation and validation against the available CRLs
2011-01-16 21:12:10 +00:00