JacobBarthelmeh
020e23783b
Merge pull request #4180 from kaleb-himes/DEFAULT_CA_BOOL
...
Fix basic constraints extension present and CA Boolean not asserted
2021-07-19 23:08:27 +07:00
Jacob Barthelmeh
88b70a3906
update google cert that was set to expire in Dec 2021
2021-07-09 23:57:50 +07:00
kaleb-himes
93a8f36530
Fix basic constraints extension present and CA Boolean not asserted
2021-07-02 12:16:16 -06:00
Jacob Barthelmeh
3cd43cf692
fix for keyid with ktri cms
2021-06-22 21:33:12 +07:00
David Garske
3d5c5b39ac
Merge pull request #4134 from embhorn/joi-cert
...
Update use of joi cert and add to renew script.
2021-06-17 18:28:12 -07:00
Kaleb Himes
93ae372c55
Merge pull request #4132 from dgarske/exebits
...
Remove execute bit on update pem/der files
2021-06-16 17:20:53 -05:00
Eric Blankenhorn
1307972344
Update use of joi cert and add to renew script.
2021-06-16 13:55:36 -05:00
David Garske
90d894b9fd
Remove execute bit on update pem/der files.
2021-06-16 10:17:20 -07:00
Jacob Barthelmeh
d8fc01aabf
add cert generation to renewcerts script
2021-06-16 14:31:33 +07:00
Sean Parkinson
5bb639f6db
Merge pull request #4126 from dgarske/certs_test_expired
...
Fixes for expired test certs
2021-06-16 11:25:54 +10:00
Sean Parkinson
b73673a218
Merge pull request #3794 from TakayukiMatsuo/os_keyprint
...
Add wolfSSL_EVP_PKEY_print_public
2021-06-16 08:43:41 +10:00
David Garske
6d95188f4b
Fixes for expired test certs. Generated using `cd certs/test && ./gen-testcerts.sh`.
2021-06-15 15:07:34 -07:00
David Garske
5a78574a8a
Add new scripts to include.am.
2021-06-11 08:19:23 -07:00
TakayukiMatsuo
779e3701e6
Merge branch 'master' of github.com:wolfSSL/wolfssl into os_keyprint
2021-06-11 13:56:52 +09:00
Sean Parkinson
ed14e593c7
ED25519 and SHAKE-256: fixes
...
SHAKE-256 is off by default now. Make sure WOLFSSL_SHAKE256 doesn't make
it into options.h.
Fix openssl.test usage of ed25519 certificates.
Add scripts that regenerate certificates
2021-06-11 10:13:31 +10:00
Sean Parkinson
3ecb8d5a3e
Merge pull request #4062 from dgarske/dh_key
...
DH Key and Params Export cleanups and Apache httpd fixes
2021-06-10 20:54:32 +10:00
David Garske
4a85127507
Improve `wc_DhKeyToDer` for public key size calculation. Fixes bug with the output too (was missing 1 byte in length for the unused bits byte in bit string).
2021-06-08 09:55:56 -07:00
David Garske
9b215c5138
Fixes for DH Pub key import/export and new test case. Improve `wc_DhParamsToDer`.
2021-06-08 09:27:30 -07:00
Sean Parkinson
8779c3a884
ECC: Disable ECC but have Curve25519/448 and PK callbacks fix
...
Fix ed25519 certificates.
Tidy up testsuite.c
2021-05-10 10:32:55 +10:00
Kareem Abuobeid
8071fac306
S/MIME: Add smime-test-canon.p7s to include.am
2021-04-30 15:30:55 -07:00
Kareem Abuobeid
effcecf40d
S/MIME: Add non-canonicalized test case
2021-04-30 15:07:37 -07:00
TakayukiMatsuo
491f3bc423
Add two public key files in certs folder and register them to gencertbuf.pl
2021-03-19 14:52:58 +09:00
Hideki Miyazaki
44a20c8ce6
add more unit test case for load_crl_file
2021-03-05 08:19:14 +09:00
Jacob Barthelmeh
f4519018eb
remove execute bit on smime bundles
2021-02-15 23:33:31 +07:00
toddouska
67b1280bbf
Merge pull request #3545 from kabuobeid/smime
...
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-10 15:59:32 -08:00
Jacob Barthelmeh
41e5e547c4
run renewcerts.sh script
2021-02-11 03:12:54 +07:00
Kareem Abuobeid
a4e819c60a
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-08 17:14:37 -07:00
Jacob Barthelmeh
e2b411805d
add ca-cert-chain.der to renewcerts.sh, update ed25519 certs and gen script
2021-01-12 00:40:15 +07:00
Juliusz Sosinowicz
6226edb394
Use CSR with smaller key size 4096 -> 2048
2020-12-18 12:48:25 +01:00
Juliusz Sosinowicz
383df620bf
Add CSR test with Extension Request attribute
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
77c730361e
Jenkins fixes
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
2a9bb906a9
Implement wolfSSL_BIO_*_connect and wolfSSL_BIO_set_conn_port
...
Forgot to commit csr.dsa.pem for api.c
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2689d499b9
Tests starting to pass
2020-12-17 14:26:49 +01:00
Jacob Barthelmeh
04e22b0747
add restriction to excluded DIR name constraint
2020-12-11 10:00:11 +07:00
Jacob Barthelmeh
f00263889b
add test case
2020-12-11 08:20:48 +07:00
David Garske
10f459f891
Added TLS v1.2 and v1.3 test cases for ECC Koblitz and Brainpool curves (both server auth and mutual auth). Cipher suites: `ECDHE-ECDSA-AES128-GCM-SHA256`, `ECDH-ECDSA-AES128-GCM-SHA256` and `TLS13-AES128-GCM-SHA256`.
2020-11-10 09:47:36 -08:00
Chris Conlon
79dea1c85c
add test-servercert-rc2.p12 to include.am
2020-10-19 08:01:19 -06:00
Chris Conlon
062df01737
add PKCS12 RC2 test case, example p12 bundle
2020-10-16 12:02:20 -06:00
John Safranek
c2bb359eb4
Automake Fixes
...
1. A couple cert scripts don't need to be included in the makefile or the distribution.
2020-10-14 17:23:58 -07:00
toddouska
0f6d391ea1
Merge pull request #3295 from SparkiDev/tls13_p521
...
TLS 1.3: Fix P-521 algorithm matching
2020-09-21 13:36:48 -07:00
Sean Parkinson
409daa665d
Script to find expired CRLs and certificates
...
Check for expiration in 3 months.
First argument is the offset. e.g. "+1 year"
2020-09-18 11:26:27 +10:00
Sean Parkinson
d63ff07edc
TLS 1.3: Fix P-521 algorithm matching
...
Digest size compared to key size - P521 has large key size.
Fixed to round down.
Added P-521 keys and certificates.
Added testing of P-521 keys and certificates to unittest.
2020-09-18 10:51:55 +10:00
John Safranek
3bd27f7912
fix a bad path in renewcerts
2020-08-12 15:17:21 -07:00
John Safranek
95337e666c
Release Update
...
1. Update the usual versions.
2. Update README and ChangeLog.
3. Modify genecc and renewcerts to update two certificate files that had expired.
4. Update the expired certificate files.
2020-08-12 14:43:47 -07:00
Juliusz Sosinowicz
fe1f815761
wolfSSL_X509V3_EXT_i2d: NID_ext_key_usage
2020-08-06 13:45:36 +02:00
David Garske
1b051d9c5b
TLS v1.3 sniffer support:
...
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
2020-07-17 15:22:35 -07:00
kaleb-himes
aa704420fd
Fix typo in include.am
2020-07-07 16:39:39 -06:00
kaleb-himes
42f3a6d7a4
Put both potential roots for login.live.com into collection for stapling test
2020-07-07 16:02:48 -06:00
David Garske
efa169e595
Fix for invalid files in include.am. Improvement to new alt-chain tests to catch case this PR fixes.
2020-06-18 08:33:59 -07:00
David Garske
5a5bc34aa5
Added second intermediate CA to testing certs. This creates a chain that looks like: `ROOT (www.wolfssl.com) -> INT (wolfSSL Intermediate CA) -> INT2 (wolfSSL Intermediate2 CA) -> PEER (wolfSSL Client Chain / wolfSSL Server Chain).`
2020-06-18 08:33:59 -07:00
Juliusz Sosinowicz
9e68de0fb7
Add test certs for ASN_IP_TYPE
2020-05-07 11:52:49 +02:00
Sean Parkinson
ba401c9bde
Fix testing using 4096 bits keys and parameters
...
RSA PKCS #1.5 padding for signing is not reliant on a random.
2020-04-14 12:03:51 +10:00
Sean Parkinson
62a593e72e
Recognise Netscape Certificate Type extension
...
Checks the bit string is valid but doesn't store or use value.
(Some certificates have this extension as critical)
2020-03-19 12:43:03 +10:00
Sean Parkinson
2c6eb7cb39
Add Curve448, X448, Ed448 implementations
2020-02-28 09:30:45 +10:00
David Garske
da882f3912
Added wolfCrypt RSA 4096-bit test support using `USE_CERT_BUFFERS_4096` build option (`./configure CFLAGS="-DUSE_CERT_BUFFERS_4096"`).
2020-02-23 18:40:13 -08:00
David Garske
ba49427cc4
Cleanup include.am whitespace.
2020-01-30 08:44:52 -08:00
David Garske
3f1c3392e5
Fixes for build with opensslextra and 3072-bit cert buffers. Adds 3072-bit RSA public key der. Eliminates duplicate 3072-bit client cert/key.
2020-01-29 06:37:06 -08:00
Chris Conlon
1c56d62753
Merge pull request #2754 from dgarske/crypttest_3072
...
wolfCrypt Test 3072-bit Support
2020-01-23 07:55:19 -08:00
David Garske
06e3c90073
Merge pull request #2732 from kaleb-himes/ZD9730-spellchecker
...
Fixing some typos. Thanks to Fossies for the report
2020-01-22 13:52:56 -08:00
David Garske
84a878bda2
Fix for include .am issue.
2020-01-22 09:11:00 -08:00
David Garske
2a5c623c97
Fix for RSA without SHA512 build error. Fix or renew cert PEM to DER.
2020-01-22 08:15:34 -08:00
David Garske
4d9dbc9ec3
Adds 3072-bit RSA tests using `USE_CERT_BUFFERS_3072`.
2020-01-21 22:16:54 -08:00
JacobBarthelmeh
6b4551c012
Merge pull request #2654 from cariepointer/qt-512-513
...
Add Qt 5.12 and 5.13 support
2020-01-10 17:34:23 -07:00
kaleb-himes
9b8d4e91c2
Fixing some typos. Thanks to Fossies for the report
2020-01-10 11:45:51 -07:00
Carie Pointer
28cf563c76
Fixes from PR review: styling and formatting, remove duplicate code
2020-01-07 17:01:53 -07:00
Eric Blankenhorn
b83804cb9d
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
Carie Pointer
ee13dfd878
Add Qt 5.12 and 5.13 support
...
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
2019-12-06 14:27:01 -07:00
toddouska
7a5c8f4e07
Merge pull request #2584 from SparkiDev/sp_rsa4096
...
SP now has support for RSA/DH 4096-bit operations
2019-11-18 15:38:47 -08:00
Sean Parkinson
411b130369
Add new 4096-bit cert and key to distribution
2019-11-14 09:13:24 +10:00
Sean Parkinson
5221c082f1
SP now has support for RSA/DH 4096-bit operations
2019-11-12 12:04:06 +10:00
David Garske
2bae1d27a1
wolfSSL Compatibility support for OpenVPN
...
* Adds compatibility API's for:
  * `sk_ASN1_OBJECT_free`
  * `sk_ASN1_OBJECT_num`
  * `sk_ASN1_OBJECT_value`
  * `sk_X509_OBJECT_num`
  * `sk_X509_OBJECT_value`
  * `sk_X509_OBJECT_delete`
  * `sk_X509_NAME_find`
  * `sk_X509_INFO_free`
  * `BIO_get_len`
  * `BIO_set_ssl`
  * `BIO_should_retry` (stub)
  * `X509_OBJECT_free`
  * `X509_NAME_get_index_by_OBJ`
  * `X509_INFO_free`
  * `X509_STORE_get0_objects`
  * `X509_check_purpose` (stub)
  * `PEM_read_bio_X509_CRL`
  * `PEM_X509_INFO_read_bio`
  * `ASN1_BIT_STRING_new`
  * `ASN1_BIT_STRING_free`
  * `ASN1_BIT_STRING_get_bit`
  * `ASN1_BIT_STRING_set_bit`
  * `DES_check_key_parity`
  * `EC_GROUP_order_bits`
  * `EC_get_builtin_curves`
  * `EVP_CIPHER_CTX_cipher`
  * `EVP_PKEY_get0_EC_KEY`
  * `EVP_PKEY_get0_RSA`
  * `EVP_PKEY_get0_DSA` (stub)
  * `HMAC_CTX_new`
  * `HMAC_CTX_free`
  * `HMAC_CTX_reset`
  * `HMAC_size`
  * `OBJ_txt2obj`
  * `RSA_meth_new`
  * `RSA_meth_free`
  * `RSA_meth_set_pub_enc`
  * `RSA_meth_set_pub_dec`
  * `RSA_meth_set_priv_enc`
  * `RSA_meth_set_priv_dec`
  * `RSA_meth_set_init`
  * `RSA_meth_set_finish`
  * `RSA_meth_set0_app_data`
  * `RSA_get_method_data`
  * `RSA_set_method`
  * `RSA_get0_key`
  * `RSA_set0_key`
  * `RSA_flags`
  * `RSA_set_flags`
  * `RSA_bits`
  * `SSL_CTX_set_ciphersuites`
  * `SSL_CTX_set_security_level` (stub)
  * `SSL_export_keying_material` (stub)
  * `DSA_bits` (stub)
* Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505.
* Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`.
* Cleanup of "sk" compatibility.
2019-11-11 14:58:23 -08:00
David Garske
0e73af8b88
Merge pull request #2515 from JacobBarthelmeh/Testing
...
Initial pass on test cycle
2019-10-17 16:02:17 -07:00
Jacob Barthelmeh
acd0a55d47
add new certs to extra dist
2019-10-15 14:23:01 -06:00
Jacob Barthelmeh
b27504b222
update external test certificate
2019-10-15 10:11:38 -06:00
kaleb-himes
306b280ccd
Add test cases and implement peer suggestions
...
Fix failing jenkins test cases
Add detection for file size with static memory
Account for cert without pathLen constraint set including test cases
Resolve OCSP case and test where cert->pathLen expected to be NULL
2019-10-11 15:03:38 -06:00
kaleb-himes
9c5fd165d0
addressing non RFC compliance in handling of pathLen constraint
2019-10-10 16:45:29 -06:00
David Garske
644e7a8f45
Fixes for PKCS8 w/wo encryption as DER/ASN.1. Fixes for building with `--disable-oldnames`. Fix to enable the PKCS8 enc test without openssl compat. Added additional PKCS8 tests.
2019-08-19 16:27:46 -07:00
Jacob Barthelmeh
13957e7762
update server-ecc-self.pem before/after dates
2019-07-23 09:27:39 -06:00
David Garske
2ad80df1c7
Fix for `./certs/gen-testcerts.sh` sometimes reporting: "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ".
2019-04-05 09:01:44 -07:00
David Garske
51251bc421
Fix for ssl23.h include for openssl compat with cyassl.
2019-04-01 11:10:29 -07:00
David Garske
c7b5f772aa
Add missing cert to include.am for make dist, which is required for `./gencertbuf.pl`.
2019-04-01 10:09:34 -07:00
Jacob Barthelmeh
8666b7de9a
add test-ber-exp02-05-2022.p7b file for test
2019-02-06 11:11:27 -07:00
Jacob Barthelmeh
ec28376e7f
add PKCS7 BER verify test and fix for streaming
2019-02-06 11:05:15 -07:00
David Garske
59a3b4a110
New tests for cert chains, alternate cert chains, trusted peer certs and DH prime cleanup:
...
* Added ECC and RSA intermediate CA's and server/client chain certificates for testing.
* Enhanced suites test to support expected fail arg `-H exitWithRet` in any test .conf file.
* Added new `test-altchains.conf` for testing with `WOLFSSL_ALT_CERT_CHAINS` defined.
* Added new `test-chains` for testing chains.
* Added new `test-dhprime.conf` for DH prime check tests.
* Added new `test-trustedpeer.conf` for testing `WOLFSSL_TRUST_PEER_CERT`.
* Refactor to add `-2` to disable DH prime check by default (except for new test-dhprime.conf).
* Added ability to run a specific test.conf file using syntax like `./tests/unit.test tests/test-altchains.conf`.
2018-12-21 09:54:55 -08:00
Sean Parkinson
95bd340de5
Add support for more OpenSSL APIs
...
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
2018-11-20 07:54:24 +10:00
Jacob Barthelmeh
cc3ccbaf0c
add test for degenerate case and allow degenerate case by default
2018-10-30 17:04:33 -06:00
David Garske
3be7eacea9
Added client/server certs and keys for P-384-bit signed by P-384 CA. Fix for broken certs/ecc/genecc.sh script. Added simple P-384 cipher suite test.
2018-10-25 09:21:27 -07:00
David Garske
8b529d3d57
Add test for ECC private key with PKCS 8 encoding (no crypt) and `-----BEGIN EC PRIVATE KEY-----` header.
2018-10-17 10:01:29 -07:00
kaleb-himes
dc942bf9cb
Remove unnecessary duplicate revocation
2018-09-20 16:54:35 -06:00
kaleb-himes
ea06a3e8cb
Resolve some persistent error report when conf not passed to req
2018-09-20 16:50:02 -06:00
David Garske
427c62e04a
Merge pull request #1841 from kaleb-himes/CERT_UPDATE_REFACTOR
...
Cert update refactor
2018-09-20 14:24:06 -07:00
kaleb-himes
54e04dd312
posix compliance enhancements for portability
2018-09-20 10:30:11 -06:00
kaleb-himes
17ebb0ea49
Update certs to address nightly failure with disable sha enable crl
2018-09-19 15:22:08 -06:00
kaleb-himes
f3fd67c54b
White space updates and revert cnf changes in lieu of PR #1734
2018-09-19 14:54:19 -06:00
kaleb-himes
4f6ee556dc
Refactor the cert renewal scripts with error handling
...
Portability updates
2018-09-19 14:47:21 -06:00
Eric Blankenhorn
b1b7093a1d
Revert addition of OIDs to cnf
2018-09-19 08:01:40 -05:00
David Garske
f48e2067ae
Added new API `wolfSSL_CTX_load_verify_chain_buffer_format` for loading CA cert chain as DER buffer list including API unit test. Support for device serial number OID.
2018-09-10 08:15:17 -07:00
David Garske
575382e5a9
Fix for load location test to handle multiple failure codes (failure may return ProcessFile error code or WOLFSSL_FAILURE). Moved expired certs and setup load location test for expired certs.
2018-09-07 15:30:30 -07:00
David Garske
ae3d8d3779
* Fixed `wolfSSL_CTX_load_verify_locations` to continue loading if there is an error (ZD 4265).
...
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
2018-09-06 12:51:22 -07:00
Sean Parkinson
1ab17ac827
More changes to minimize dynamic memory usage.
...
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
2018-08-21 14:41:01 +10:00
Eric Blankenhorn
bb574d28b2
Support for more cert subject OIDs and raw subject access (#1734)
...
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
2018-08-12 12:53:29 -07:00
kaleb-himes
ba3bc59771
further test control over ocsp-stapling tests
2018-08-10 11:44:16 -06:00
kaleb-himes
6113f68c21
make renewcerts-for-test use portable function declaration
2018-08-10 10:40:16 -06:00
kaleb-himes
35dbf9a6fe
address file restoration issue present when git not available
2018-08-10 10:24:42 -06:00
John Safranek
5ae45436f4
OCSP
...
1. Added a missed attr files for the OCSP status files. Bare minimum attr.
2. Added the attr files to the automake include.
3. Fix out of bounds read with the OCSP URL.
2018-08-02 14:50:59 -07:00
John Safranek
c71f730d67
OCSP
...
1. Made killing the OCSP server process more reliable.
2. Added attr files for the OCSP status files. Bare minimum attr.
3. Added a NL to the error string from the client regarding external tests.
2018-08-02 11:32:36 -07:00
kaleb-himes
a178764a8b
Portability and self-cleanup changes to ocsp test scripts
2018-08-02 09:47:13 -06:00
John Safranek
61ac7315e2
a certificate was named in an automake include that isn't actually in the tree, a similar named certificate is actually used
2018-07-31 17:25:35 -07:00
Sean Parkinson
6d3e145571
Changes to build with X25519 and Ed25519 only
...
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
2018-07-23 10:20:18 +10:00
John Safranek
0240cc7795
add missing certificates to the automake include
2018-07-12 17:06:02 -07:00
John Safranek
adb3cc5a5a
Subject Alt Name Matching
...
1. Added certificates for localhost where the CN and SAN match and differ.
2. Change subject name matching so the CN is checked if the SAN list doesn't exist, and only check the SAN list if present.
3. Added a test case for the CN/SAN mismatch.
4. Old matching behavior restored with build option WOLFSSL_ALLOW_NO_CN_IN_SAN.
5. Add test case for a correct certificate.
Note: The test for the garbage certificate should fail. If you enable the old behavior, that test case will start succeeding, causing the test to fail.
2018-07-02 13:39:11 -07:00
toddouska
0c74e778dc
Merge pull request #1633 from dgarske/bench_3072
...
Benchmark support for 3072-bit RSA and DH
2018-06-27 07:17:53 -07:00
Jacob Barthelmeh
8c9e0cd427
add options for OCSP test and combine certs
2018-06-22 15:58:27 -06:00
David Garske
ed1c56a4fc
Benchmark support for 3072-bit RSA and DH when `USE_CERT_BUFFERS_3072` is defined.
2018-06-22 09:30:33 -07:00
Jacob Barthelmeh
518c987c61
update CA for ocsp test
2018-06-21 12:13:33 -06:00
toddouska
15348d4936
Merge pull request #1612 from dgarske/fixmatchdomainname
...
Fixes for `MatchDomainName` to properly detect failures
2018-06-13 13:13:52 -07:00
David Garske
61056829c5
Added success test cases for domain name match (SNI) in common name and alternate name.
2018-06-13 09:26:54 -07:00
David Garske
8fa1592542
Fix to use SHA256 for the self-signed test certificates.
2018-06-12 16:12:29 -07:00
David Garske
1f16b36402
Fixes for `MatchDomainName` to properly detect failures:
...
* Fix `MatchDomainName` to also check for remaining len on success check.
* Enhanced `DNS_entry` to include actual ASN.1 length and use it throughout (was using XSTRLEN).
Added additional tests for matching on domain name:
* Check for bad common name with embedded null (CN=localhost\0h, Alt=None) - Note: Trouble creating cert with this criteria
* Check for bad alternate name with embedded null (CN=www.nomatch.com, Alt=localhost\0h)
* Check for bad common name (CN=www.nomatch.com, Alt=None)
* Check for bad alternate name (CN=www.nomatch.com, Alt=www.nomatch.com)
* Check for good wildcard common name (CN=*localhost, Alt=None)
* Check for good wildcard alternate name (CN=www.nomatch.com, Alt=*localhost)
2018-06-12 14:15:34 -07:00
Sean Parkinson
5547a7b4bd
Fix private-only keys and make them script generated
2018-06-08 17:38:11 +10:00
John Safranek
f1588e0ad9
Fix Cert Includes
...
1. Added files that were missing from the certs directory include.am files.
2. Fixed the duplicate items in the certs directory's include.am files.
3. Reorganized the certs directory include.am files to be a tree.
2018-05-31 17:38:47 -07:00
John Safranek
8a61b7303a
Remove execute bit from a few files.
2018-05-31 10:14:47 -07:00
toddouska
999663fae1
Merge pull request #1498 from JacobBarthelmeh/Certs
...
update before/after dates with certificates
2018-05-30 10:09:49 -07:00
Jacob Barthelmeh
1a7d208a60
add crl2.pem to renew certs script
2018-05-29 16:57:30 -06:00
David Garske
a5c2e8b912
Added test for common name with invalid domain fails as expected when set with `wolfSSL_check_domain_name`.
2018-05-24 14:39:35 -07:00
toddouska
453daee965
Merge pull request #1523 from SparkiDev/ed25519_key
...
Allow Ed25519 private-only keys to work in TLS
2018-05-24 09:56:17 -07:00
Sean Parkinson
9358edf5dd
Fixes from code review
...
Include new private key files in release.
Set messages field to NULL after free.
2018-05-24 08:43:28 +10:00
Sean Parkinson
58f523beba
Allow Ed25519 private-only keys to work in TLS
...
Change Ed25519 in TLS 1.2 to keep a copy of all the messages for
certificate verification - interop with OpenSSL.
2018-05-24 08:43:28 +10:00
Jacob Barthelmeh
63a0e872c5
add test for fail case when parsing relative URI path
2018-05-14 14:27:02 -06:00
Jacob Barthelmeh
bb979980ca
add test case for parsing URI from certificate
2018-05-08 16:24:41 -06:00
David Garske
89a4c98670
* Added support for expected fail test cases with example client/server and suites unit test.
...
* Added test for certificate with bad alt name containing a null character mid byte stream.
* Fix for issue with suites unit test where last arg in file doesn't contain data for a param, causing it to skip test.
* Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`.
* Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicitly checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
Jacob Barthelmeh
e895bacbba
update before/after dates with certificates
2018-04-13 09:31:32 -06:00
Jacob Barthelmeh
607bd96317
add ocsp cert renew and test-pathlen to script
2018-03-14 16:35:16 -06:00
Jacob Barthelmeh
e41f5de556
default generate ed25519 cert with renew and add ecc crls to script
2018-03-09 14:09:34 -07:00
Jacob Barthelmeh
d9738563af
add ed25519 certificate generation to renewcerts.sh
2018-03-09 10:43:36 -07:00
Jacob Barthelmeh
f6b5427f2b
bad sig certificate renew script
2018-03-09 09:50:52 -07:00
Jacob Barthelmeh
849e1eb10d
updating renewcerts script
2018-03-09 00:35:14 -07:00
Jacob Barthelmeh
f223f8fdfd
update certificate after dates
2018-03-02 14:31:08 -07:00
John Safranek
7b1f6967c8
added another CA to the wolfssl website ca file
2018-03-01 11:57:12 -08:00
toddouska
9a4fe0fe4e
Merge pull request #1353 from dgarske/asn_strict
...
Added RFC 5280 "must" checks
2018-02-14 10:01:58 -08:00
Jacob Barthelmeh
62b8c0c3fd
add test case for order of certificates with PKCS12 parse
2018-02-07 16:52:39 -07:00
David Garske
c2a0de93b8
Fix to resolve wolfCrypt test for `cert_test` nameConstraints test. Fixed ASN check to properly determine if certificate is CA type.
2018-02-07 12:48:33 -08:00
David Garske
d7ae1df778
Fix to add `keyUsage` `keyAgreement` for the ECC server certificate. Resolves issue with openssl test using "ECDH-ECDSA" cipher suite.
2017-10-20 11:26:15 -07:00
David Garske
024c8725ad
Testing improvements for cert gen and TLS cert validation:
...
* Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled.
* Added new ECC CA for 384-bit tests.
* Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem)
* Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL.
* Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`.
* Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function.
* Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack).
* Cleanup to combine all certificate subject information into global `certDefaultName`.
* Updated cert request info to use wolfSSL instead of Yassl.
* Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`.
* Re-number error codes in rsa_test.
* Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
Sean Parkinson
f724206e37
Add test for 3072-bit RSA and DH and fix modexp
2017-10-17 08:36:39 +10:00
Sean Parkinson
90f8f67982
Single Precision maths for RSA (and DH)
...
Single Precision ECC implementation
2017-10-17 08:36:39 +10:00
Chris Conlon
af00787f80
update root certs for ocsp scripts
2017-08-14 12:58:36 -06:00
Chris Conlon
667b8431cc
Merge pull request #683 from moisesguimaraes/wolfssl-py
...
wolfssl python wrapper
2017-07-19 09:22:02 -07:00
Moisés Guimarães
54177c14b4
imports certs from ./certs
2017-07-03 12:31:47 -03:00
Jacob Barthelmeh
b0f87fdcf7
update .am files for make dist
2017-06-22 14:14:45 -06:00