WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
24,991 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

358 Commits (29482a3e4d17649c0b66e7c081d2ae05df6979b8)

Author SHA1 Message Date
Juliusz Sosinowicz 9e68de0fb7 Add test certs for ASN_IP_TYPE 2020-05-07 11:52:49 +02:00
Sean Parkinson ba401c9bde Fix testing using 4096 bits keys and parameters 
RSA PKCS #1.5 padding for signing is not reliant on a random.
 2020-04-14 12:03:51 +10:00
Sean Parkinson 62a593e72e Recognise Netscape Certificate Type extension 
Checks the bit string is valid but doesn't store or use value.
(Some certificates have this extension as critical)
 2020-03-19 12:43:03 +10:00
Sean Parkinson 2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
David Garske da882f3912 Added wolfCrypt RSA 4096-bit test support using `USE_CERT_BUFFERS_4096` build option (`./configure CFLAGS="-DUSE_CERT_BUFFERS_4096"`). 2020-02-23 18:40:13 -08:00
David Garske ba49427cc4 Cleanup include.am whitespace. 2020-01-30 08:44:52 -08:00
David Garske 3f1c3392e5 Fixes for build with opensslextra and 3072-bit cert buffers. Adds 3072-bit RSA public key der. Eliminates duplicate 3072-bit client cert/key. 2020-01-29 06:37:06 -08:00
Chris Conlon 1c56d62753
Merge pull request #2754 from dgarske/crypttest_3072 
wolfCrypt Test 3072-bit Support
 2020-01-23 07:55:19 -08:00
David Garske 06e3c90073
Merge pull request #2732 from kaleb-himes/ZD9730-spellchecker 
Fixing some typos. Thanks to Fossies for the report
 2020-01-22 13:52:56 -08:00
David Garske 84a878bda2 Fix for include .am issue. 2020-01-22 09:11:00 -08:00
David Garske 2a5c623c97 Fix for RSA without SHA512 build error. Fix or renew cert PEM to DER. 2020-01-22 08:15:34 -08:00
David Garske 4d9dbc9ec3 Adds 3072-bit RSA tests using `USE_CERT_BUFFERS_3072`. 2020-01-21 22:16:54 -08:00
JacobBarthelmeh 6b4551c012
Merge pull request #2654 from cariepointer/qt-512-513 
Add Qt 5.12 and 5.13 support
 2020-01-10 17:34:23 -07:00
kaleb-himes 9b8d4e91c2 Fixing some typos. Thanks to Fossies for the report 2020-01-10 11:45:51 -07:00
Carie Pointer 28cf563c76 Fixes from PR review: styling and formatting, remove duplicate code 2020-01-07 17:01:53 -07:00
Eric Blankenhorn b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
Carie Pointer ee13dfd878 Add Qt 5.12 and 5.13 support 
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
 2019-12-06 14:27:01 -07:00
toddouska 7a5c8f4e07
Merge pull request #2584 from SparkiDev/sp_rsa4096 
SP now has support for RSA/DH 4096-bit operations
 2019-11-18 15:38:47 -08:00
Sean Parkinson 411b130369 Add new 4096-bit cert and key to distribution 2019-11-14 09:13:24 +10:00
Sean Parkinson 5221c082f1 SP now has support for RSA/DH 4096-bit operations 2019-11-12 12:04:06 +10:00
David Garske 2bae1d27a1 wolfSSL Compatibility support for OpenVPN 
* Adds compatibility API's for:
	* `sk_ASN1_OBJECT_free`
	* `sk_ASN1_OBJECT_num`
	* `sk_ASN1_OBJECT_value`
	* `sk_X509_OBJECT_num`
	* `sk_X509_OBJECT_value`
	* `sk_X509_OBJECT_delete`
	* `sk_X509_NAME_find`
	* `sk_X509_INFO_free`
	* `BIO_get_len`
	* `BIO_set_ssl`
	* `BIO_should_retry` (stub)
	* `X509_OBJECT_free`
	* `X509_NAME_get_index_by_OBJ`
	* `X509_INFO_free`
	* `X509_STORE_get0_objects`
	* `X509_check_purpose` (stub)
	* `PEM_read_bio_X509_CRL`
	* `PEM_X509_INFO_read_bio`
	* `ASN1_BIT_STRING_new`
	* `ASN1_BIT_STRING_free`
	* `ASN1_BIT_STRING_get_bit`
	* `ASN1_BIT_STRING_set_bit`
	* `DES_check_key_parity`
	* `EC_GROUP_order_bits`
	* `EC_get_builtin_curves`
	* `EVP_CIPHER_CTX_cipher`
	* `EVP_PKEY_get0_EC_KEY`
	* `EVP_PKEY_get0_RSA`
	* `EVP_PKEY_get0_DSA` (stub)
	* `HMAC_CTX_new`
	* `HMAC_CTX_free`
	* `HMAC_CTX_reset`
	* `HMAC_size`
	* `OBJ_txt2obj`
	* `RSA_meth_new`
	* `RSA_meth_free`
	* `RSA_meth_set_pub_enc`
	* `RSA_meth_set_pub_dec`
	* `RSA_meth_set_priv_enc`
	* `RSA_meth_set_priv_dec`
	* `RSA_meth_set_init`
	* `RSA_meth_set_finish`
	* `RSA_meth_set0_app_data`
	* `RSA_get_method_data`
	* `RSA_set_method`
	* `RSA_get0_key`
	* `RSA_set0_key`
	* `RSA_flags`
	* `RSA_set_flags`
	* `RSA_bits`
	* `SSL_CTX_set_ciphersuites`
	* `SSL_CTX_set_security_level` (stub)
	* `SSL_export_keying_material` (stub)
	* `DSA_bits` (stub)
* Changes to support password callback trial and NO_PASSWORD. Replaces PR #2505.
* Renamed `wolfSSL_SSL_CTX_get_client_CA_list` to `wolfSSL_CTX_get_client_CA_list`.
* Cleanup of "sk" compatibility.
 2019-11-11 14:58:23 -08:00
David Garske 0e73af8b88
Merge pull request #2515 from JacobBarthelmeh/Testing 
Initial pass on test cycle
 2019-10-17 16:02:17 -07:00
Jacob Barthelmeh acd0a55d47 add new certs to extra dist 2019-10-15 14:23:01 -06:00
Jacob Barthelmeh b27504b222 update external test certificate 2019-10-15 10:11:38 -06:00
kaleb-himes 306b280ccd Add test cases and implement peer suggestions 
Fix failing jenkins test cases

Add detection for file size with static memory

Account for cert without pathLen constraint set including test cases

Resolve OCSP case and test where cert->pathLen expected to be NULL
 2019-10-11 15:03:38 -06:00
kaleb-himes 9c5fd165d0 addressing non RFC compliance in handling of pathLen constraint 2019-10-10 16:45:29 -06:00
David Garske 644e7a8f45 Fixes for PKCS8 w/wo encryption as DER/ASN.1. Fixes for building with `--disable-oldnames`. Fix to enable the PKCS8 enc test without openssl comat. Added additional PKCS8 tests. 2019-08-19 16:27:46 -07:00
Jacob Barthelmeh 13957e7762 update server-ecc-self.pem before/after dates 2019-07-23 09:27:39 -06:00
David Garske 2ad80df1c7 Fix for `./certs/gen-testcerts.sh` sometimes reporting: "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ". 2019-04-05 09:01:44 -07:00
David Garske 51251bc421 Fix for ssl23.h include for openssl compat with cyassl. 2019-04-01 11:10:29 -07:00
David Garske c7b5f772aa Add missing cert to include.am for make dist, which is required for `./gencertbuf.pl`. 2019-04-01 10:09:34 -07:00
Jacob Barthelmeh 8666b7de9a add test-ber-exp02-05-2022.p7b file for test 2019-02-06 11:11:27 -07:00
Jacob Barthelmeh ec28376e7f add PKCS7 BER verify test and fix for streaming 2019-02-06 11:05:15 -07:00
David Garske 59a3b4a110 New tests for cert chains, alternate cert chains, trusted peer certs and DH prime cleanup: 
* Added ECC and RSA intermediate CA's and server/client chain certificates for testing.
* Enhanced suites test to support expected fail arg `-H exitWithRet` in any test .conf file.
* Added new `test-altchains.conf` for testing with `WOLFSSL_ALT_CERT_CHAINS` defined.
* Added new `test-chains` for testing chains.
* Added new `test-dhprime.conf` for DH prime check tests.
* Added new `test-trustedpeer.conf` for testing `WOLFSSL_TRUST_PEER_CERT`.
* Refactor to add `-2` to disable DH prime check by default (except for new test-dhprime.conf).
* Added ability to run a specific test.conf file using syntax like `./tests/unit.test tests/test-altchains.conf`.
 2018-12-21 09:54:55 -08:00
Sean Parkinson 95bd340de5 Add support for more OpenSSL APIs 
Add support for PEM_read and PEM_write
Add OpenSSL PKCS#7 signed data support
Add OpenSSL PKCS#8 Private key APIs
Add X509_REQ OpenSSL APIs
 2018-11-20 07:54:24 +10:00
Jacob Barthelmeh cc3ccbaf0c add test for degenerate case and allow degenerate case by default 2018-10-30 17:04:33 -06:00
David Garske 3be7eacea9 Added client/server certs and keys for P-384-bit signed by P-384 CA. Fix for broken certs/ecc/genecc.sh script. Added simple P-384 cipher suite test. 2018-10-25 09:21:27 -07:00
David Garske 8b529d3d57 Add test for ECC private key with PKCS 8 encoding (no crypt) and `-----BEGIN EC PRIVATE KEY-----` header. 2018-10-17 10:01:29 -07:00
kaleb-himes dc942bf9cb Remove unnecessary duplicate revocation 2018-09-20 16:54:35 -06:00
kaleb-himes ea06a3e8cb Resolve some persistent error report when conf not passed to req 2018-09-20 16:50:02 -06:00
David Garske 427c62e04a
Merge pull request #1841 from kaleb-himes/CERT_UPDATE_REFACTOR 
Cert update refactor
 2018-09-20 14:24:06 -07:00
kaleb-himes 54e04dd312 posix compliance enhancements for portability 2018-09-20 10:30:11 -06:00
kaleb-himes 17ebb0ea49 Update certs to address nightly failure with disable sha enable crl 2018-09-19 15:22:08 -06:00
kaleb-himes f3fd67c54b White space updates and revert cnf changes in lieu of PR #1734 2018-09-19 14:54:19 -06:00
kaleb-himes 4f6ee556dc Refactor the cert renewal scripts with error handling 
Portability updates
 2018-09-19 14:47:21 -06:00
Eric Blankenhorn b1b7093a1d Revert addition of OIDs to cnf 2018-09-19 08:01:40 -05:00
David Garske f48e2067ae Added new API `wolfSSL_CTX_load_verify_chain_buffer_format` for loading CA cert chain as DER buffer list including API unit test. Support for device serial number OID. 2018-09-10 08:15:17 -07:00
David Garske 575382e5a9 Fix for load location test to handle multiple failure codes (failure may return ProcessFile error code or WOLFSSL_FAILURE). Moved expired certs and setup load location test for expired certs. 2018-09-07 15:30:30 -07:00
David Garske ae3d8d3779 * Fixed `wolfSSL_CTX_load_verify_locations` to continue loading if there is an error (ZD 4265). 
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
 2018-09-06 12:51:22 -07:00
Sean Parkinson 1ab17ac827 More changes to minimize dynamic memory usage. 
Change define to WOLFSSL_MEMORY_LOG.
Fix for ED25519 server certificate - single cert to allow comparison
with ECC dynamic memory usage.
Free memory earlier to reduce maximum memory usage in a connection.
Make MAX_ENCODED_SIG_SZ only as big as necessary.
Change memory allocation type in sha256 from RNG to DIGEST.
If we know the key type use it in decoding private key
 2018-08-21 14:41:01 +10:00
Eric Blankenhorn bb574d28b2 Support for more cert subject OIDs and raw subject access (#1734) 
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
 2018-08-12 12:53:29 -07:00
kaleb-himes ba3bc59771 further test control over ocsp-stapling tests 2018-08-10 11:44:16 -06:00
kaleb-himes 6113f68c21 make renewcerts-for-test use portable function declaration 2018-08-10 10:40:16 -06:00
kaleb-himes 35dbf9a6fe address file restoration issue present when git not available 2018-08-10 10:24:42 -06:00
John Safranek 5ae45436f4 OSCP 
1. Added a missed attr files for the OSCP status files. Bare minimum attr.
2. Added the attr files to the automake include.
3. Fix out of bounds read with the OCSP URL.
 2018-08-02 14:50:59 -07:00
John Safranek c71f730d67 OSCP 
1. Made killing the OCSP server process more reliable.
2. Added attr files for the OSCP status files. Bare minimum attr.
3. Added a NL to the error string from the client regarding external tests.
 2018-08-02 11:32:36 -07:00
kaleb-himes a178764a8b Portability and self-cleanup changes to ocsp test scripts 2018-08-02 09:47:13 -06:00
John Safranek 61ac7315e2 a certificate was named in an automake include that isn't actually in the tree, a similar named certificate is actually used 2018-07-31 17:25:35 -07:00
Sean Parkinson 6d3e145571 Changes to build with X25519 and Ed25519 only 
Allows configurations without RSA, DH and ECC but with Curve25519
algorithms to work with SSL/TLS using X25519 key exchange and Ed25519
certificates.
Fix Ed25519 code to call wc_Sha512Free().
Add certificates to test.h and fix examples to use them.
 2018-07-23 10:20:18 +10:00
John Safranek 0240cc7795 add missing certificates to the automake include 2018-07-12 17:06:02 -07:00
John Safranek adb3cc5a5a Subject Alt Name Matching 
1. Added certificates for localhost where the CN and SAN match and differ.
2. Change subject name matching so the CN is checked if the SAN list doesn't exit, and only check the SAN list if present.
3. Added a test case for the CN/SAN mismatch.
4. Old matching behavior restored with build option WOLFSSL_ALLOW_NO_CN_IN_SAN.
5. Add test case for a correct certificate.

Note: The test for the garbage certificate should fail. If you enable the old behavior, that test case will start succeeding, causing the test to fail.
 2018-07-02 13:39:11 -07:00
toddouska 0c74e778dc
Merge pull request #1633 from dgarske/bench_3072 
Benchmark support for 3072-bit RSA and DH
 2018-06-27 07:17:53 -07:00
Jacob Barthelmeh 8c9e0cd427 add options for OCSP test and combine certs 2018-06-22 15:58:27 -06:00
David Garske ed1c56a4fc Benchmark support for 3072-bit RSA and DH when `USE_CERT_BUFFERS_3072` is defined. 2018-06-22 09:30:33 -07:00
Jacob Barthelmeh 518c987c61 update CA for ocsp test 2018-06-21 12:13:33 -06:00
toddouska 15348d4936
Merge pull request #1612 from dgarske/fixmatchdomainname 
Fixes for `MatchDomainName` to properly detect failures
 2018-06-13 13:13:52 -07:00
David Garske 61056829c5 Added success test cases for domain name match (SNI) in common name and alternate name. 2018-06-13 09:26:54 -07:00
David Garske 8fa1592542 Fix to use SHA256 for the self-signed test certificates. 2018-06-12 16:12:29 -07:00
David Garske 1f16b36402 Fixes for `MatchDomainName` to properly detect failures: 
* Fix `MatchDomainName` to also check for remaining len on success check.
* Enhanced `DNS_entry` to include actual ASN.1 length and use it thoughout (was using XSTRLEN).

Added additional tests for matching on domain name:
* Check for bad common name with embedded null (CN=localhost\0h, Alt=None) - Note: Trouble creating cert with this criteria
* Check for bad alternate name with embedded null (CN=www.nomatch.com, Alt=localhost\0h)
* Check for bad common name (CN=www.nomatch.com, Alt=None)
* Check for bad alternate name (CN=www.nomatch.com, Alt=www.nomatch.com)
* Check for good wildcard common name (CN=*localhost, Alt=None)
* Check for good wildcard alternate name (CN=www.nomatch.com, Alt=*localhost)
 2018-06-12 14:15:34 -07:00
Sean Parkinson 5547a7b4bd Fix private-only keys and make them script generated 2018-06-08 17:38:11 +10:00
John Safranek f1588e0ad9 Fix Cert Includes 
1. Added files that were missing from the certs directory include.am files.
2. Fixed the duplicate items in the certs directory's include.am files.
3. Reorganized the certs directory include.am files to be a tree.
 2018-05-31 17:38:47 -07:00
John Safranek 8a61b7303a Remove execute bit from a few files. 2018-05-31 10:14:47 -07:00
toddouska 999663fae1
Merge pull request #1498 from JacobBarthelmeh/Certs 
update before/after dates with certificates
 2018-05-30 10:09:49 -07:00
Jacob Barthelmeh 1a7d208a60 add crl2.pem to renew certs script 2018-05-29 16:57:30 -06:00
David Garske a5c2e8b912 Added test for common name with invalid domain fails as expected when set with `wolfSSL_check_domain_name`. 2018-05-24 14:39:35 -07:00
toddouska 453daee965
Merge pull request #1523 from SparkiDev/ed25519_key 
Allow Ed25519 private-only keys to work in TLS
 2018-05-24 09:56:17 -07:00
Sean Parkinson 9358edf5dd Fixes from code review 
Include new private key files in release.
Set messages field to NULL after free.
 2018-05-24 08:43:28 +10:00
Sean Parkinson 58f523beba Allow Ed25519 private-only keys to work in TLS 
Change Ed25519 in TLS 1.2 to keep a copy of all the messages for
certificate verification - interop with OpenSSL.
 2018-05-24 08:43:28 +10:00
Jacob Barthelmeh 63a0e872c5 add test for fail case when parsing relative URI path 2018-05-14 14:27:02 -06:00
Jacob Barthelmeh bb979980ca add test case for parsing URI from certificate 2018-05-08 16:24:41 -06:00
David Garske 89a4c98670 * Added support for expected fail test cases with example client/server and suites unit test. 
* Added test for certificate with bad alt name containing a null character mid byte stream.
* Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test.
* Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`.
* Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
 2018-05-03 09:40:51 -07:00
Jacob Barthelmeh e895bacbba update before/after dates with certificates 2018-04-13 09:31:32 -06:00
Jacob Barthelmeh 607bd96317 add ocsp cert renew and test-pathlen to script 2018-03-14 16:35:16 -06:00
Jacob Barthelmeh e41f5de556 default generate ed25519 cert with renew and add ecc crls to script 2018-03-09 14:09:34 -07:00
Jacob Barthelmeh d9738563af add ed25519 certificate generation to renewcerts.sh 2018-03-09 10:43:36 -07:00
Jacob Barthelmeh f6b5427f2b bad sig certificate renew script 2018-03-09 09:50:52 -07:00
Jacob Barthelmeh 849e1eb10d updating renewcerts script 2018-03-09 00:35:14 -07:00
Jacob Barthelmeh f223f8fdfd update certificate after dates 2018-03-02 14:31:08 -07:00
John Safranek 7b1f6967c8 added another CA to the wolfssl website ca file 2018-03-01 11:57:12 -08:00
toddouska 9a4fe0fe4e
Merge pull request #1353 from dgarske/asn_strict 
Added RFC 5280 "must" checks
 2018-02-14 10:01:58 -08:00
Jacob Barthelmeh 62b8c0c3fd add test case for order of certificates with PKCS12 parse 2018-02-07 16:52:39 -07:00
David Garske c2a0de93b8 Fix to resolve wolfCrypt test for `cert_test nameConstraints test. Fixed ASN check to properly determine if certificate is CA type. 2018-02-07 12:48:33 -08:00
David Garske d7ae1df778 Fix to add `keyUsage` `keyAgreement` for the ECC server certificate. Resolves issue with openssl test using "ECDH-ECDSA" cipher suite. 2017-10-20 11:26:15 -07:00
David Garske 024c8725ad Testing improvements for cert gen and TLS cert validation: 
* Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled.
* Added new ECC CA for 384-bit tests.
* Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem)
* Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL.
* Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`.
* Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function.
* Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack).
* Cleanup to combine all certificate subject information into global `certDefaultName`.
* Updated cert request info to use wolfSSL instead of Yassl.
* Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`.
* Re-number error codes in rsa_test.
* Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
 2017-10-19 16:17:51 -07:00
Sean Parkinson f724206e37 Add test for 3072-bit RSA and DH and fix modexp 2017-10-17 08:36:39 +10:00
Sean Parkinson 90f8f67982 Single Precision maths for RSA (and DH) 
Single Precision ECC implementation
 2017-10-17 08:36:39 +10:00
Chris Conlon af00787f80 update root certs for ocsp scripts 2017-08-14 12:58:36 -06:00
Chris Conlon 667b8431cc Merge pull request #683 from moisesguimaraes/wolfssl-py 
wolfssl python wrapper
 2017-07-19 09:22:02 -07:00
Moisés Guimarães 54177c14b4 imports certs from ./certs 2017-07-03 12:31:47 -03:00
Jacob Barthelmeh b0f87fdcf7 update .am files for make dist 2017-06-22 14:14:45 -06:00
Moisés Guimarães a9d5dcae58 updates ocsp tests; adds check for OCSP response signed by issuer. 2017-06-21 14:12:12 -07:00
Sean Parkinson 13c4fe6cc4 Add test 2017-06-14 09:44:26 +10:00
Sean Parkinson 1db52f0c04 Fix to use different PEM header for EDDSA keys 
Include new cert and key files in distribution
Fix compile issue when only doing TLS13.
 2017-06-08 09:26:49 +10:00
Sean Parkinson 613d30bcae ED25519 TLS support 2017-06-08 09:26:49 +10:00
Sean Parkinson ff4fcf21d6 Add test for private key only ecc key 2017-05-15 10:04:42 +10:00
Sean Parkinson 4d77e80d04 Fix loading of CRLs and certs. 
Change function wolfSSL_X509_LOOKUP_load_file to load multiple CRLs and
certificates from a file.
Change CRL loading to have a flag to not verify CRL signature - only do
this when using wolfSSL_X509_LOOKUP_load_file() as the certificate is
not always available.
Add test case for loading multiple CRLs in one file without certificate.
 2017-05-15 10:04:42 +10:00
Jacob Barthelmeh 4c8fdf99c5 add digsigku to renewcerts script and update the not after date 2017-05-02 18:08:10 -06:00
kaleb-himes bddf0c52a6 add 'Class 3 Public Primary Certification Authority' to ocspstapling test certificate 2017-03-27 14:13:22 -06:00
toddouska d8261796a6 Merge pull request #813 from cconlon/addcert 
add server-keyPkcs8.der to include.am
 2017-03-22 14:58:22 -07:00
toddouska 4e6f70e15e Merge pull request #784 from JacobBarthelmeh/Cert-Report2 
error out with duplicate policy OID in a certificate policies extension
 2017-03-21 15:21:46 -07:00
Chris Conlon c46eb36b4e add server-keyPkcs8.der to include.am 2017-03-21 09:53:24 -06:00
Jacob Barthelmeh 3f33f2b995 add duplicate policy OID cert to dist 2017-03-16 15:49:40 -06:00
Jacob Barthelmeh faf2bacd56 error out with duplicate policy OID in a certificate policies extension 2017-03-16 15:48:15 -06:00
Chris Conlon efc2bb43d2 add wc_GetPkcs8TraditionalOffset() 2017-03-16 15:14:20 -06:00
Sean Parkinson 5c9eedbf69 Fixes from merge of test coverage changes 
Include new certificates in distribution.
Casting changes for clang.
Extra error code - recognize in test.
 2017-03-10 09:15:18 +10:00
Sean Parkinson 455fb96faa Extend testing for coverage 2017-03-01 09:37:18 +10:00
Jacob Barthelmeh 2daeecdb90 BIO s_socket and BN mod exp 2016-12-28 14:45:29 -07:00
Jacob Barthelmeh ff05c8a7a5 expanding compatibility layer 2016-12-28 14:45:29 -07:00
Chris Conlon 41f6863970 add missing certs and keys to certs/include.am 2016-12-14 09:46:41 -07:00
David Garske 039aedcfba Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der". 2016-11-30 16:26:02 -08:00
Jacob Barthelmeh b686deecbe PKCS12 : Add PKCS12 parsing 2016-10-29 13:12:26 -06:00
John Safranek 74002ce66a Add the new path length test certs to include.am. 2016-09-21 12:34:01 -07:00
John Safranek a42bd30278 CA Certificate Path Length Checking 
1. Check the path length between an intermediate CA cert and its
   signer's path length.
2. Always decode the path length if present and store it in the decoded
   certificate.
3. Save the path length into the signer list.
4. Path length capped at 127.
5. Added some test certs for checking CA path lengths.
 2016-09-20 21:36:37 -07:00
John Safranek ef9c4bf5c9 Add client-ca.pem to the automake include for dist. 2016-09-15 15:38:41 -07:00
John Safranek e3bb4c29e2 Fix openssl.test with the lean-TLS option 
1. Make new CA cert for test that is both client-cert.pem andr
   client-ecc-cert.pem.
2. Use the new client-ca.pem cert in the test script.
3. Update renewcerts script to generate client-ca.pem.
 2016-09-15 11:39:30 -07:00
kaleb-himes 03295ec6d7 update certs, extend ntru to 1000 days, add der formatted ecc, new ecc buffer test 
changes from first review

move to 256 bit defines
 2016-08-12 13:00:52 -06:00
kaleb-himes 4121667586 update certs pre-release: NTRU certs expired in mid june 2016-07-25 13:05:52 -06:00
Moisés Guimarães 858da86c05 restore original certs, without OCSP Authority Information Access; 2016-01-04 17:15:29 -03:00
Moisés Guimarães d817f0fbc8 fixes test scripts to avoid bash-isms 2016-01-04 09:27:58 -03:00
Moisés Guimarães 5fb8ea691a updates ocsp certs with better OCSP Responder URI. 2015-12-30 16:50:22 -03:00
Jacob Barthelmeh 0c21b67bb6 add ocsp needed certs to dist 2015-12-30 10:19:20 -07:00
Moisés Guimarães ec9d23a9c3 Merge branch 'csr' 2015-12-28 19:38:04 -03:00
toddouska d2bdea9d96 add new ca to wolfssl website 2015-10-20 11:28:25 -07:00
Chris Conlon edc9a24681 fix hard tabs in icerts/1024/include.am 2015-09-24 10:03:27 -06:00
Chris Conlon 86bdeaf490 add new 1024 certs/keys to include.am 2015-09-24 10:00:32 -06:00
toddouska dc1baabd27 update wolfssl website ca 2015-09-23 16:19:55 -07:00
Chris Conlon aa3780f6b0 add example 1024-bit server/CA certs and keys for testing 2015-09-23 13:37:34 -06:00
toddouska 088467d312 fix autoconf with new certext files 2015-09-11 14:10:11 -07:00
Ludovic FLAMENT d2ea6f7ef0 Add support for : 
- PEM public key loading
  - set/get KeyUsage in CSR and X.509
  - set/get SKID in CSR and X.509
  - set/get AKID in X.509
  - set/get two Certificate Policies OID in X.509
 2015-09-07 09:51:21 +02:00
toddouska 9f7209b484 add new certs to include.am 2015-07-23 16:37:37 -07:00
kaleb-himes 1a0a9de9c6 changes post review 
crl-revoked dash compliant. revoked-cert has unique fields

new print statements
 2015-07-23 17:05:25 -06:00
Nickolas Lapp 3732d31955 Fixed file cleanup in gencrls, finished support for crl.test update crls sign revoked cert 2015-07-22 10:37:24 -06:00
kaleb-himes d2de4719eb added way to gen revoked without running renewcerts 2015-07-22 09:31:23 -06:00
Nickolas Lapp 27202912e8 Adjusted gencrls and renewcerts to add a revoked server cert 2015-07-21 17:17:41 -06:00
kaleb-himes 4743dfe813 add a uniquely, always revoked server-cert for testing 2015-07-21 15:35:24 -06:00
John Safranek e61592b9d8 Added ECC test certificate for having keyUsage without digitalSignature. 2015-06-17 13:46:09 -07:00
John Safranek 64602d1969 added check for allowed minimum DH key size 2015-05-21 10:11:21 -07:00
kaleb-himes 173b1147b5 updated certs 2015-05-07 12:21:50 -06:00
kaleb-himes fc24885f17 updated subject matter for server-ecc.pem 2015-05-06 11:57:32 -06:00
toddouska 47ba1368c2 add wolfssl website ca, go daddy class2 CA 2015-04-28 14:15:31 -07:00
toddouska b12a1bb2e3 switch pkcs12 encrypted key to 3des since arc4 now off by default 2015-03-29 11:10:21 -07:00
toddouska defc66f8db update client encrypt key to 2048 bit version 2015-03-29 10:53:21 -07:00
toddouska a92d4c5719 fix server-keyPkcs8Enc.pem name change error, password, and add ecc pkcs8 encrypted file 2015-02-11 17:24:15 -08:00
kaleb-himes c539393ca4 updated all certs 2015-02-04 23:34:04 -07:00
kaleb-himes b7ba495924 all certs in renewcerts.sh -> 1000 days 2015-02-04 23:29:56 -07:00
kaleb-himes 9261aa1d6d crls updated 2015-02-02 11:24:30 -07:00
kaleb-himes 55d30ca277 new client-ecc-cert.pem/renewcerts updates/certs relavent name changes 2015-02-02 09:10:07 -07:00
kaleb-himes bd1ff08aa9 certs name changes 2014-12-29 11:53:25 -07:00
toddouska 3072edb696 add compressed key support 2014-08-29 14:25:58 -07:00
toddouska e99c7c2870 don't copy ntru-cert.der into certs/ 2014-07-31 16:45:30 -07:00
Kaleb Himes f51bba0a43 line 221 fix, portability improvements 2014-07-23 15:58:09 -06:00
Kaleb Himes 2f18af2f5f added --override-ntru, -h, -help, and error checking 2014-07-21 15:13:37 -06:00
toddouska 161fe4894b update ntru cert key w/ new ca 2014-07-11 15:22:16 -07:00
Kaleb Himes ba34ba0f0f crls to sha1 from sha256 2014-07-11 14:41:57 -06:00
Kaleb Himes 4972e0a70b updated certs 2014-07-11 14:14:53 -06:00
Kaleb Himes 15f432c521 updated certs 2014-07-11 13:55:10 -06:00
toddouska b7baf024ab add expired-ca for testing as well 2014-07-02 12:21:52 -07:00
toddouska be402277e0 add override cert date example for bad clock testing 2014-07-02 12:07:25 -07:00
Chris Conlon d875931a3f hook new DER files into include.am 2014-07-01 11:20:39 -06:00
Chris Conlon 3ea0f7b4ab add key/cert buffers for CA cert, server key/cert 2014-07-01 08:58:47 -06:00
Chris Conlon 544c86b8e4 update taoCerts.txt to use 1024 RSA by default, SHA1 instead of MD5 2014-06-20 10:16:07 -06:00
Chris Conlon 7e5287e578 update NTRU support, with help from thesourcerer8 2014-06-05 14:42:15 -06:00
John Safranek 54bf1f8d94 added new test certificates for failure cases 2014-03-13 11:19:54 -07:00
John Safranek 9a275fbe8b updated CRLs for a year 2014-02-07 12:17:01 -08:00
John Safranek 846511376c added x.509 text dump to the server-ecc.pem cert 2013-10-22 10:16:50 -07:00
John Safranek fca8d03d4c New server-ecc.pem. Old copy expired today. 2013-10-21 21:07:28 -07:00
toddouska 85d25798a5 update ntru cert expires dates, update crls while at it, don't turn on skid for crls since openssl/firefox don't use by default and cyassl needs crl extension parsing 2013-06-17 14:48:51 -07:00
John Safranek 87048698e5 use subject key id and authentication key id to ID CA certs in the signers list instead of subject name hashes. 2013-04-29 12:08:16 -07:00
toddouska 0480b2b60e update test crls 2013-04-01 15:55:03 -07:00
Chris Conlon 95e7226447 add BENCH_EMBEDDED flag to CTaoCrypt benchmark app 2013-01-30 16:19:19 -07:00
Chris Conlon 3ff842168e add cert/key buffer flags in CTaoCrypt benchmark for RSA, DH 2013-01-30 10:13:56 -07:00
Chris Conlon 532f0aaee7 add ability to use cert/key buffers in CTaoCrypt test app 2013-01-28 17:15:28 -07:00
toddouska 5e4c0c426c update test CRLs 2012-11-29 11:49:57 -08:00
Brian Aker 1be873533e This adds support for "make rpm" 2012-10-20 04:42:34 -04:00
toddouska 53ccbddd01 allow meta PEM data at end of file too 2012-09-17 17:25:38 -07:00
toddouska 15fe7f4d94 update CRLs switch to 120 days, add gen script 2012-08-10 11:02:46 -07:00
toddouska 08ff33894f add ECDH static cipher suite tests including RSA signed ECDH, clean up code with haveECDSA -> haveECDSAsig 2012-08-08 15:09:26 -07:00
toddouska 82a56daaaf ecc crls 2012-05-25 13:26:28 -07:00
toddouska 0aea2607b5 don't install example certs and keys 2012-05-23 10:28:02 -07:00
toddouska 5b5b7e231d fix crl dist and dev build 2012-05-18 16:35:19 -07:00
toddouska 86408406fd add metatdata to crls 2012-05-18 16:29:57 -07:00
toddouska 3d67caa353 normal crl doesn't revoke test certs, crl.revoked revokes test server 2012-05-18 16:24:23 -07:00
toddouska 3ec2b9dbbc crl stage 2 2012-05-16 17:04:56 -07:00
toddouska 306a2013a9 ecc client cert dist 2012-05-08 11:38:31 -07:00
toddouska 2a817adfcc ssh non ecc 2012-05-07 16:35:23 -07:00
toddouska 1c2b84d3dd ecc client certs 2012-05-02 10:30:15 -07:00
toddouska f0bec7dd02 note dhparam creation 2012-02-08 12:18:56 -08:00
toddouska 54db757f7f update client-key.der to new 2048 bit one 2011-12-28 16:33:45 -08:00
toddouska 775ca66edd ntru cert signed by new bigger test certs 2011-12-05 16:19:13 -08:00
toddouska e82516ad2a fix ecc pkcs8 import 2011-12-01 13:10:01 -08:00