Commit graph

182 commits

Author SHA1 Message Date
Paul Bakker
a317a98221 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Manuel Pégourié-Gonnard
c5fd391e04 Check return value of ssl_set_xxx() in programs 2014-07-08 14:20:26 +02:00
Paul Bakker
8880cb52f7 Handle missing CRL parsing gracefully 2014-06-12 23:22:26 +02:00
Paul Bakker
1fd325309b Add option 'crl_file' to cert_app 2014-05-28 11:36:38 +02:00
Manuel Pégourié-Gonnard
cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Paul Bakker
fdba46885b cert_write app should use subject of issuer certificate as issuer of cert 2014-04-25 11:48:35 +02:00
Paul Bakker
0c22610693 Cleaned up location of init and free for some programs to prevent memory
leaks on incorrect arguments
2014-04-17 16:02:36 +02:00
Shuo Chen
95a0d118a9 Fix compile error when POLARSSL_ERROR_STRERROR_BC is undefined. 2014-04-08 10:53:51 +02:00
Paul Bakker
c97f9f6465 Removed making commandline arguments case insensitive 2013-11-30 15:14:11 +01:00
Paul Bakker
8fc30b178c Various const fixes 2013-11-25 13:29:43 +01:00
Paul Bakker
93c6aa4014 Fixed that selfsign copies issuer_name to subject_name 2013-10-28 22:29:11 +01:00
Manuel Pégourié-Gonnard
3daaf3d21d X509 key identifiers depend on SHA1 2013-10-28 13:58:32 +01:00
Paul Bakker
1ffefaca1e Introduced entropy_free() 2013-09-29 15:01:42 +02:00
Manuel Pégourié-Gonnard
abd6e02b7b Rm _CRT_SECURE_NO_DEPRECATE for programs
(Already in config.h.)
2013-09-20 16:51:13 +02:00
Manuel Pégourié-Gonnard
7831b0cb3c A few more issues with small configurations 2013-09-20 12:30:21 +02:00
Manuel Pégourié-Gonnard
a7496f00ff Fix a few more warnings in small configurations 2013-09-20 11:29:59 +02:00
Paul Bakker
c559c7a680 Renamed x509_cert structure to x509_crt for consistency 2013-09-18 14:32:52 +02:00
Paul Bakker
ddf26b4e38 Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2 Introduced x509_crt_init(), x509_crl_init() and x509_csr_init() 2013-09-18 12:01:43 +02:00
Paul Bakker
86d0c1949e Generalized function names of x509 functions not parse-specific
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker
7fc7fa630f cert_write application also works without POLARSSL_X509_CSR_PARSE_C 2013-09-17 14:44:00 +02:00
Paul Bakker
36713e8ed9 Fixed bunch of X509_PARSE related defines / dependencies 2013-09-17 13:25:29 +02:00
Paul Bakker
7c6b2c320e Split up X509 files into smaller modules 2013-09-16 21:41:54 +02:00
Paul Bakker
ace02867f6 Do not lowercase key values in arguments in cert_app.c 2013-09-16 21:40:34 +02:00
Paul Bakker
1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
26b4d45f49 Fix key_app_writer 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
31e59400d2 Add missing f_rng/p_rng arguments to x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
f38e71afd5 Convert x509write_crt interface to PK 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
ee73179b2f Adapt x509write_csr prototypes for PK 2013-09-12 11:57:00 +02:00
Paul Bakker
b2d7f23592 Ability to selfsign certificates added to cert_write app 2013-09-09 16:24:18 +02:00
Paul Bakker
4122f3eacf Removed POLARSSL_ERROR_C define and added as requirement defing for
cert_req and cert_write apps
2013-09-09 16:01:46 +02:00
Paul Bakker
80d44fee2e Moved 'define handling code' to top 2013-09-09 15:59:20 +02:00
Paul Bakker
e2673fb34b cert_write app now parses presented CSR for subject name and key 2013-09-09 15:56:09 +02:00
Paul Bakker
f9f377e652 CSR Parsing (without attributes / extensions) implemented 2013-09-09 15:35:10 +02:00
Paul Bakker
8693274219 Small typo in usage of cert_req app 2013-09-09 14:09:42 +02:00
Paul Bakker
1014e95775 Use issuer_name from the issuer_certificate in cert_write app 2013-09-09 13:59:42 +02:00
Paul Bakker
52be08c299 Added support for writing Key Usage and NS Cert Type extensions 2013-09-09 12:38:45 +02:00
Paul Bakker
cd35803684 Changes x509_csr to x509write_csr 2013-09-09 12:38:45 +02:00
Paul Bakker
15162a054a Writing of X509v3 extensions supported
Standard extensions already in: basicConstraints, subjectKeyIdentifier
and authorityKeyIdentifier
2013-09-06 19:27:21 +02:00
Paul Bakker
9397dcb0e8 Base X509 certificate writing functinality 2013-09-06 10:36:28 +02:00
Paul Bakker
ca174fef80 Merged refactored x509write module into development 2013-08-28 16:32:51 +02:00
Manuel Pégourié-Gonnard
ac75523593 Adapt ssl_set_own_cert() to generic keys 2013-08-27 22:21:20 +02:00
Paul Bakker
135f1e9c70 Move PEM conversion of DER data to x509write module 2013-08-26 17:37:18 +02:00
Paul Bakker
57be6e22cf cert_req now supports key_usage and ns_cert_type command line options 2013-08-26 17:37:18 +02:00
Paul Bakker
82e2945ed2 Changed naming and prototype convention for x509write functions
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker
384d4351ce Added cert_req to CMakeLists.txt 2013-08-25 10:51:18 +02:00
Paul Bakker
8eabfc1461 Rewrote x509 certificate request writing to use structure for storing 2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard
ba4878aa64 Rename x509parse_key & co with _rsa suffix 2013-07-08 15:31:18 +02:00
Paul Bakker
3c5ef71322 Cleanup up non-prototyped functions (static) and const-correctness in programs 2013-06-25 16:37:45 +02:00
Paul Bakker
ef3f8c747e Fixed const correctness issues in programs and tests
(cherry picked from commit e0225e4d7f18f4565224f4997af537533d06a80d)

Conflicts:
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_test.c
	programs/x509/cert_app.c
2013-06-24 19:09:24 +02:00
Paul Bakker
777a5757d6 ca_path and ca_file arguments added to support chain validation in
cert_app
2013-05-21 16:20:04 +02:00
Paul Bakker
c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
68884e3c09 Moved to advanced ciphersuite representation and more dynamic SSL code 2013-03-13 14:48:32 +01:00
Paul Bakker
9a73632fd9 - Merged changesets 1399 up to and including 1415 into 1.2 branch 2012-11-14 12:39:52 +00:00
Paul Bakker
0a59707523 - Added simple SSL session cache implementation
- Revamped session resumption handling
2012-09-25 21:55:46 +00:00
Paul Bakker
48916f9b67 - Added Secure Renegotiation (RFC 5746) 2012-09-16 19:57:18 +00:00
Paul Bakker
92eeea4627 - Modified CMakeLists to support zlib 2012-07-03 15:10:33 +00:00
Paul Bakker
12f5dbb8b4 - Fixed MD type to SHA1 2012-03-05 13:37:13 +00:00
Paul Bakker
89f3fc5bf1 - Removed superfluous debugging info 2012-02-16 13:36:38 +00:00
Paul Bakker
bdb912db69 - Added preliminary ASN.1 buffer writing support
- Added preliminary X509 Certificate Request writing support
 - Added key_app_writer example application
 - Added cert_req example application
2012-02-13 23:11:30 +00:00
Paul Bakker
b1dee1cfd2 - Changed commands to lowercase where it was not the case 2011-12-11 11:29:51 +00:00
Paul Bakker
69e095cc15 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
b8ba90b316 - Enlarged default CRL size buffer 2011-12-05 14:34:12 +00:00
Paul Bakker
508ad5ab6d - Moved all examples programs to use the new entropy and CTR_DRBG 2011-12-04 17:09:26 +00:00
Paul Bakker
6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
Paul Bakker
a3d195c41f - Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs 2011-11-27 21:07:34 +00:00
Paul Bakker
5c356d6f8f - Fixed typo 2011-11-25 13:17:45 +00:00
Paul Bakker
14cb63a40c - cert_app now prints all certificates in the file given, not just the first 2011-11-25 12:44:31 +00:00
Paul Bakker
cce9d77745 - Lots of minimal changes to better support WINCE as a build target 2011-11-18 14:26:47 +00:00
Paul Bakker
d3b486a743 - Fixed typo in usage 2011-10-12 10:15:05 +00:00
Paul Bakker
5690efccc4 - Fixed a whole bunch of dependencies on defines between files, examples and tests 2011-05-26 13:16:06 +00:00
Paul Bakker
831a755d9e - Changed behaviour of net_recv(), ssl_fetch_input() and ssl_read(). net_recv() now returns 0 on EOF instead of POLARSSL_ERR_NET_CONN_RESET. ssl_fetch_input() returns POLARSSL_ERR_SSL_CONN_EOF on an EOF from its f_recv() function. ssl_read() returns 0 if a POLARSSL_ERR_SSL_CONN_EOF is received after the handshake.
- Network functions now return POLARSSL_ERR_NET_WANT_READ or POLARSSL_ERR_NET_WANT_WRITE instead of the ambiguous POLARSSL_ERR_NET_TRY_AGAIN
2011-05-18 13:32:51 +00:00
Paul Bakker
a9507c063b - Added crl_app program to allow easy reading and printing of X509 CRLs from file 2011-02-12 15:27:28 +00:00
Paul Bakker
1a207ec8af - Set sane start values for structures that are closed or freed. 2011-02-06 13:22:40 +00:00
Paul Bakker
e3166ce040 - Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether
- Adapted in the rest of using code as well
2011-01-27 17:40:50 +00:00
Paul Bakker
b06819bb5d - Adapted CMake files for the PKCS#11 support 2011-01-18 16:18:38 +00:00
Paul Bakker
547f73d66f - Added install targets to the CMake files 2011-01-05 15:07:54 +00:00
Paul Bakker
b96f154e51 - Fixed copyright message 2010-07-18 20:36:00 +00:00
Paul Bakker
84f12b76fc - Updated Copyright to correct entity 2010-07-18 10:13:04 +00:00
Paul Bakker
fc8c4360b8 - Updated copyright line to 2010 2010-03-21 17:37:16 +00:00
Paul Bakker
1f3c39c194 - Removed copyright line for Christophe Devine for clarity 2010-03-21 17:30:05 +00:00
Paul Bakker
4fc45522f1 - Added cert_app application 2010-03-18 20:11:58 +00:00