WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
23,323 Commits
4 Branches
160 Tags
400 MiB
Commit Graph

72 Commits (a75c73cdef620056dcb52a9a19bfa18f7aaa1cbc)

Author SHA1 Message Date
Daniel Pouzzner 1c68da282c portability enhancement: use "#!/usr/bin/env <interpreter>" on all perl scripts and shell scripts that use bash extensions, and use "#!/bin/sh" on the rest. 2024-08-20 13:48:33 -05:00
Colton Willey 7434092a3a Increase default max alt names from 128 to 1024 2024-07-18 11:11:38 -07:00
JacobBarthelmeh 6c0aae714f update over max ext test certs and add them to renew script 2024-07-07 23:38:29 -07:00
Colton Willey 1310c97a22 Add new certs to include.am 2024-05-30 12:45:46 -07:00
Colton Willey 284dea43fe Unify max name testing to use cert files for both cases. 2024-05-29 19:00:15 -07:00
Colton Willey e620b47e1a Add configuration file for generating cert with too many name constraints 2024-05-29 18:23:13 -07:00
Colton Willey b00ae2ac69 Initial implementation of max limits on number of alternative names and name constraints 2024-05-29 15:55:17 -07:00
Sean Parkinson d4b1995a2c ASN.1 testing: add tests of bad DER encodings 
Certificates with bad DER encoded ASN.1 added to testing.
Fix comment in asn.c.
 2024-03-22 08:51:17 +10:00
Chris Conlon d0aa80eb37 update example/test certs for end of year release 2023-12-13 16:41:59 -07:00
JacobBarthelmeh c6aaa1310e end of year certificate update 2022-12-16 13:32:37 -08:00
Daniel Pouzzner abfc788389 script cleanup: use #!/bin/bash on all scripts that use "echo -e" (/bin/sh is sometimes a non-Bourne/non-POSIX shell, e.g. dash/ash, with no support for "echo -e"); fix whitespace. 2022-03-09 12:28:22 -06:00
Daniel Pouzzner c9a7393923 fixes for shell script errors detected by shellcheck --severity=error. 2022-03-08 12:51:48 -06:00
Juliusz Sosinowicz 15d0dd258a Add cert test for UID name component 2022-02-15 14:05:46 +01:00
JacobBarthelmeh c0f8fd5f5d update certificate dates and fix autorenew 2021-12-20 16:04:05 -08:00
Juliusz Sosinowicz 7d6f8ea255 Update wrong email in gen script 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz ef37eeaeaa Code review fixes 2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz c162196b27 Add x509 name attributes and extensions to DER parsing and generation 
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
 2021-10-28 14:50:53 +02:00
Jacob Barthelmeh f57801c17b more name constraint test cases and adjust DNS base name matching to not require . 2021-10-20 14:25:02 -06:00
Jacob Barthelmeh ab6939d200 add new test cert to make dist 2021-10-19 23:34:03 -06:00
Jacob Barthelmeh 3b73c6e3ae handle multiple permitted name constraints 2021-10-19 23:12:07 -06:00
Jacob Barthelmeh afee92e0cf bail out when a bad alt name is found in the list of alt names 2021-10-19 23:12:07 -06:00
Jacob Barthelmeh 3cd43cf692 fix for keyid with ktri cms 2021-06-22 21:33:12 +07:00
David Garske 3d5c5b39ac
Merge pull request #4134 from embhorn/joi-cert 
Update use of joi cert and add to renew script.
 2021-06-17 18:28:12 -07:00
Eric Blankenhorn 1307972344 Update use of joi cert and add to renew script. 2021-06-16 13:55:36 -05:00
David Garske 90d894b9fd Remove execute bit on update pem/der files. 2021-06-16 10:17:20 -07:00
David Garske 6d95188f4b Fixes for expired test certs. Generated using `cd certs/test && ./gen-testcerts.sh`. 2021-06-15 15:07:34 -07:00
Kareem Abuobeid 8071fac306 S/MIME: Add smime-test-canon.p7s to include.am 2021-04-30 15:30:55 -07:00
Kareem Abuobeid effcecf40d S/MIME: Add non-canonicalized test case 2021-04-30 15:07:37 -07:00
Jacob Barthelmeh f4519018eb remove execute bit on smime bundles 2021-02-15 23:33:31 +07:00
toddouska 67b1280bbf
Merge pull request #3545 from kabuobeid/smime 
Added support for reading S/MIME messages via SMIME_read_PKCS7.
 2021-02-10 15:59:32 -08:00
Jacob Barthelmeh 41e5e547c4 run renewcerts.sh script 2021-02-11 03:12:54 +07:00
Kareem Abuobeid a4e819c60a Added support for reading S/MIME messages via SMIME_read_PKCS7. 2021-02-08 17:14:37 -07:00
Jacob Barthelmeh 04e22b0747 add restriction to excluded DIR name constraint 2020-12-11 10:00:11 +07:00
Jacob Barthelmeh f00263889b add test case 2020-12-11 08:20:48 +07:00
Juliusz Sosinowicz fe1f815761 wolfSSL_X509V3_EXT_i2d: NID_ext_key_usage 2020-08-06 13:45:36 +02:00
Juliusz Sosinowicz 9e68de0fb7 Add test certs for ASN_IP_TYPE 2020-05-07 11:52:49 +02:00
Sean Parkinson 62a593e72e Recognise Netscape Certificate Type extension 
Checks the bit string is valid but doesn't store or use value.
(Some certificates have this extension as critical)
 2020-03-19 12:43:03 +10:00
David Garske 2ad80df1c7 Fix for `./certs/gen-testcerts.sh` sometimes reporting: "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ". 2019-04-05 09:01:44 -07:00
kaleb-himes ea06a3e8cb Resolve some persistent error report when conf not passed to req 2018-09-20 16:50:02 -06:00
David Garske 427c62e04a
Merge pull request #1841 from kaleb-himes/CERT_UPDATE_REFACTOR 
Cert update refactor
 2018-09-20 14:24:06 -07:00
kaleb-himes 17ebb0ea49 Update certs to address nightly failure with disable sha enable crl 2018-09-19 15:22:08 -06:00
kaleb-himes f3fd67c54b White space updates and revert cnf changes in lieu of PR #1734 2018-09-19 14:54:19 -06:00
kaleb-himes 4f6ee556dc Refactor the cert renewal scripts with error handling 
Portability updates
 2018-09-19 14:47:21 -06:00
David Garske 575382e5a9 Fix for load location test to handle multiple failure codes (failure may return ProcessFile error code or WOLFSSL_FAILURE). Moved expired certs and setup load location test for expired certs. 2018-09-07 15:30:30 -07:00
David Garske ae3d8d3779 * Fixed `wolfSSL_CTX_load_verify_locations` to continue loading if there is an error (ZD 4265). 
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
 2018-09-06 12:51:22 -07:00
Eric Blankenhorn bb574d28b2 Support for more cert subject OIDs and raw subject access (#1734) 
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
 2018-08-12 12:53:29 -07:00
John Safranek 0240cc7795 add missing certificates to the automake include 2018-07-12 17:06:02 -07:00
John Safranek adb3cc5a5a Subject Alt Name Matching 
1. Added certificates for localhost where the CN and SAN match and differ.
2. Change subject name matching so the CN is checked if the SAN list doesn't exit, and only check the SAN list if present.
3. Added a test case for the CN/SAN mismatch.
4. Old matching behavior restored with build option WOLFSSL_ALLOW_NO_CN_IN_SAN.
5. Add test case for a correct certificate.

Note: The test for the garbage certificate should fail. If you enable the old behavior, that test case will start succeeding, causing the test to fail.
 2018-07-02 13:39:11 -07:00
David Garske 61056829c5 Added success test cases for domain name match (SNI) in common name and alternate name. 2018-06-13 09:26:54 -07:00
David Garske 8fa1592542 Fix to use SHA256 for the self-signed test certificates. 2018-06-12 16:12:29 -07:00