Manuel Pégourié-Gonnard
15d7df2ba8
Introduce mbedtls_pk_restart_ctx and use it

The fact that you needed to pass a pointer to mbedtls_ecdsa_restart_ctx (or
that you needed to know the key type of the PK context) was a breach of
abstraction.
Change the API (and callers) now, and the implementation will be changed in
the next commit.

2017-08-17 15:16:11 +02:00
								 
Manuel Pégourié-Gonnard
8b59049407
Make verify() actually restartable
2017-08-15 10:45:09 +02:00
								 
Manuel Pégourié-Gonnard
c11e4baa63
Rework type for verify chain

- create container with length + table
- make types public (will be needed in restart context)

2017-08-15 10:44:13 +02:00
								 
Manuel Pégourié-Gonnard
bc3f44ae9c
Introduce mbedtls_x509_crt_verify_restartable()
2017-08-09 11:44:53 +02:00
								 
Manuel Pégourié-Gonnard
562df401d3
Improve some comments, fix some typos+whitespace
2017-08-08 18:17:53 +02:00
								 
Manuel Pégourié-Gonnard
a4a206e834
Clarify documentation for directly-trusted certs

The fact that self-signed end-entity certs can be explicitly trusted by
putting them in the CA list even if they don't have the CA bit was not
documented though it's intentional, and tested by "Certificate verification #73
(selfsigned trusted without CA bit)" in test_suite_x509parse.data

It is unclear to me whether the restriction that explicitly trusted end-entity
certs must be self-signed is a good one. However, it seems intentional as it is
tested in tests #42 and #43, so I'm not touching it for now.

2017-08-08 11:06:49 +02:00
								 
Manuel Pégourié-Gonnard
760c9b91d7
Update doc of return value of verify()
2017-07-06 15:00:32 +02:00
								 
Manuel Pégourié-Gonnard
31458a1878
Only return VERIFY_FAILED from a single point

Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.

2017-07-06 11:58:41 +02:00
								 
Andres AG
f9113194af
Allow the entry_name size to be set in config.h

Allow the size of the entry_name character array in x509_crt.c to be
configurable through a macro in config.h. entry_name holds a
path/filename string. The macro introduced is
MBEDTLS_X509_MAX_FILE_PATH_LEN.

2016-09-16 11:42:35 +01:00
								 
Manuel Pégourié-Gonnard
eeef947040
Clarify documentation about missing CRLs

Also tune up some wording while at it.

2016-03-09 19:32:08 +00:00
								 
Simon Butcher
5b331b9d48
Various fixes to doxygen API generation

* Fixed incorrect file definitions
* Fixed accidental tag problems in ecjpake.h
* Corrected function naming in X.509 module definition

2016-01-03 16:14:14 +00:00
								 
Manuel Pégourié-Gonnard
65eefc8707
Fix missing check for RSA key length on EE certs

- also adapt tests to use lesser requirement for compatibility with old
  testing material

2015-10-23 16:19:53 +02:00
								 
Manuel Pégourié-Gonnard
37ff14062e
Change main license to Apache 2.0
2015-09-04 14:21:07 +02:00
								 
Manuel Pégourié-Gonnard
6fb8187279
Update date in copyright line
2015-07-28 17:11:58 +02:00
								 
Manuel Pégourié-Gonnard
e244f9ffc0
Improve doc about length of strings written
2015-06-23 13:09:11 +02:00
								 
Manuel Pégourié-Gonnard
1cd10adc7c
Update prototype of x509write_set_key_usage()

Allow for future support of decipherOnly and encipherOnly. Some work will be
required to ensure we still write only one byte when only one is needed.

2015-06-23 13:09:10 +02:00
								 
Manuel Pégourié-Gonnard
655a964539
Adapt check_key_usage to new weird bits
2015-06-23 13:09:10 +02:00
								 
Manuel Pégourié-Gonnard
27716cc1da
Clarify a point in the documentation
2015-06-17 14:27:38 +02:00
								 
Manuel Pégourié-Gonnard
f8ea856296
Change data structure of profiles to bitfields

- allows to express 'none' or 'all' more easily than lists
- more compact and easier to declare statically
- easier to check too

Only drawback: if we ever have more than 32 curves, we'll need an ABI change to
make that field a uint64_t.

2015-06-17 14:27:38 +02:00
								 
Manuel Pégourié-Gonnard
88db5da117
Add pre-defined profiles for cert verification
2015-06-17 14:27:38 +02:00
								 
Manuel Pégourié-Gonnard
9505164ef4
Create cert profile API (unimplemented yet)
2015-06-17 14:27:38 +02:00
								 
Manuel Pégourié-Gonnard
c730ed3f2d
Rename boolean functions to be clearer
2015-06-02 10:38:50 +01:00
								 
Manuel Pégourié-Gonnard
81abefd46c
Fix typos/style in doxygen documentation
2015-05-29 12:53:47 +02:00
								 
Manuel Pégourié-Gonnard
6a8ca33fa5
Rename ERR_xxx_MALLOC_FAILED to ..._ALLOC_FAILED
2015-05-28 16:25:05 +02:00
								 
Manuel Pégourié-Gonnard
944cfe8899
Allow use of global mutexes with threading_alt
2015-05-27 20:12:05 +02:00
								 
Manuel Pégourié-Gonnard
43b37cbc92
Fix use of pem_read_buffer() in PK, DHM and X509
2015-05-12 11:26:43 +02:00
								 
Manuel Pégourié-Gonnard
e6ef16f98c
Change X.509 verify flags to uint32_t
2015-05-11 19:54:43 +02:00
								 
Manuel Pégourié-Gonnard
331ba5778a
Fix some additional renaming issues
2015-04-20 12:33:57 +01:00
								 
Manuel Pégourié-Gonnard
e6028c93f5
Fix some X509 macro names

For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_

2015-04-20 12:19:02 +01:00
								 
Manuel Pégourié-Gonnard
e75fa70b36
Merge branch 'mbedtls-1.3' into development

* mbedtls-1.3:
  Make results of (ext)KeyUsage accessible
  Use x509_crt_verify_info() in programs
  Add x509_crt_verify_info()

Conflicts:
	ChangeLog
	include/mbedtls/x509_crt.h
	include/polarssl/ssl.h
	include/polarssl/x509.h
	library/ssl_srv.c
	library/ssl_tls.c
	library/x509_crt.c
	programs/ssl/ssl_client1.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_mail_client.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
	tests/ssl-opt.sh
	tests/suites/test_suite_x509parse.function

2015-04-20 11:51:34 +01:00
								 
Manuel Pégourié-Gonnard
b5f48ad82f
manually merge 39a183a add x509_crt_verify_info()
2015-04-20 11:22:57 +01:00
								 
Manuel Pégourié-Gonnard
2cf5a7c98e
The Great Renaming

A simple execution of tmp/invoke-rename.pl

2015-04-08 13:25:31 +02:00
								 
Manuel Pégourié-Gonnard
932e3934bd
Fix typos & Co
2015-04-03 18:46:55 +02:00
								 
Manuel Pégourié-Gonnard
1d0ca1a336
Move key_usage to more than 8 bits
2015-03-27 16:50:00 +01:00
								 
Manuel Pégourié-Gonnard
1022fed36e
Remove redundant sig_oid2 in x509 structures
2015-03-27 16:34:42 +01:00
								 
Manuel Pégourié-Gonnard
7f8099773e
Rename include directory to mbedtls
2015-03-10 11:23:56 +00:00