Daniel Pouzzner
1c68da282c
portability enhancement: use "#!/usr/bin/env <interpreter>" on all perl scripts and shell scripts that use bash extensions, and use "#!/bin/sh" on the rest.
2024-08-20 13:48:33 -05:00
Colton Willey
7434092a3a
Increase default max alt names from 128 to 1024
2024-07-18 11:11:38 -07:00
JacobBarthelmeh
6c0aae714f
update over max ext test certs and add them to renew script
2024-07-07 23:38:29 -07:00
Colton Willey
1310c97a22
Add new certs to include.am
2024-05-30 12:45:46 -07:00
Colton Willey
284dea43fe
Unify max name testing to use cert files for both cases.
2024-05-29 19:00:15 -07:00
Colton Willey
e620b47e1a
Add configuration file for generating cert with too many name constraints
2024-05-29 18:23:13 -07:00
Colton Willey
b00ae2ac69
Initial implementation of max limits on number of alternative names and name constraints
2024-05-29 15:55:17 -07:00
Sean Parkinson
d4b1995a2c
ASN.1 testing: add tests of bad DER encodings
...
Certificates with bad DER encoded ASN.1 added to testing.
Fix comment in asn.c.
2024-03-22 08:51:17 +10:00
Chris Conlon
d0aa80eb37
update example/test certs for end of year release
2023-12-13 16:41:59 -07:00
JacobBarthelmeh
c6aaa1310e
end of year certificate update
2022-12-16 13:32:37 -08:00
Daniel Pouzzner
abfc788389
script cleanup: use #!/bin/bash on all scripts that use "echo -e" (/bin/sh is sometimes a non-Bourne/non-POSIX shell, e.g. dash/ash, with no support for "echo -e"); fix whitespace.
2022-03-09 12:28:22 -06:00
Daniel Pouzzner
c9a7393923
fixes for shell script errors detected by shellcheck --severity=error.
2022-03-08 12:51:48 -06:00
Juliusz Sosinowicz
15d0dd258a
Add cert test for UID name component
2022-02-15 14:05:46 +01:00
JacobBarthelmeh
c0f8fd5f5d
update certificate dates and fix autorenew
2021-12-20 16:04:05 -08:00
Juliusz Sosinowicz
7d6f8ea255
Update wrong email in gen script
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
ef37eeaeaa
Code review fixes
2021-10-28 14:50:53 +02:00
Juliusz Sosinowicz
c162196b27
Add x509 name attributes and extensions to DER parsing and generation
...
- Postal Code
- Street Address
- External Key Usage
- Netscape Certificate Type
- CRL Distribution Points
- Storing full Authority Key Identifier information
- Add new certificates to `certs/test` for testing
- Update WOLFSSL_ASN_TEMPLATE to match new features
2021-10-28 14:50:53 +02:00
Jacob Barthelmeh
f57801c17b
more name constraint test cases and adjust DNS base name matching to not require .
2021-10-20 14:25:02 -06:00
Jacob Barthelmeh
ab6939d200
add new test cert to make dist
2021-10-19 23:34:03 -06:00
Jacob Barthelmeh
3b73c6e3ae
handle multiple permitted name constraints
2021-10-19 23:12:07 -06:00
Jacob Barthelmeh
afee92e0cf
bail out when a bad alt name is found in the list of alt names
2021-10-19 23:12:07 -06:00
Jacob Barthelmeh
3cd43cf692
fix for keyid with ktri cms
2021-06-22 21:33:12 +07:00
David Garske
3d5c5b39ac
Merge pull request #4134 from embhorn/joi-cert
...
Update use of joi cert and add to renew script.
2021-06-17 18:28:12 -07:00
Eric Blankenhorn
1307972344
Update use of joi cert and add to renew script.
2021-06-16 13:55:36 -05:00
David Garske
90d894b9fd
Remove execute bit on update pem/der files.
2021-06-16 10:17:20 -07:00
David Garske
6d95188f4b
Fixes for expired test certs. Generated using `cd certs/test && ./gen-testcerts.sh`.
2021-06-15 15:07:34 -07:00
Kareem Abuobeid
8071fac306
S/MIME: Add smime-test-canon.p7s to include.am
2021-04-30 15:30:55 -07:00
Kareem Abuobeid
effcecf40d
S/MIME: Add non-canonicalized test case
2021-04-30 15:07:37 -07:00
Jacob Barthelmeh
f4519018eb
remove execute bit on smime bundles
2021-02-15 23:33:31 +07:00
toddouska
67b1280bbf
Merge pull request #3545 from kabuobeid/smime
...
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-10 15:59:32 -08:00
Jacob Barthelmeh
41e5e547c4
run renewcerts.sh script
2021-02-11 03:12:54 +07:00
Kareem Abuobeid
a4e819c60a
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-08 17:14:37 -07:00
Jacob Barthelmeh
04e22b0747
add restriction to excluded DIR name constraint
2020-12-11 10:00:11 +07:00
Jacob Barthelmeh
f00263889b
add test case
2020-12-11 08:20:48 +07:00
Juliusz Sosinowicz
fe1f815761
wolfSSL_X509V3_EXT_i2d: NID_ext_key_usage
2020-08-06 13:45:36 +02:00
Juliusz Sosinowicz
9e68de0fb7
Add test certs for ASN_IP_TYPE
2020-05-07 11:52:49 +02:00
Sean Parkinson
62a593e72e
Recognise Netscape Certificate Type extension
...
Checks the bit string is valid but doesn't store or use value.
(Some certificates have this extension as critical)
2020-03-19 12:43:03 +10:00
David Garske
2ad80df1c7
Fix for `./certs/gen-testcerts.sh` sometimes reporting: "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ".
2019-04-05 09:01:44 -07:00
kaleb-himes
ea06a3e8cb
Resolve some persistent error report when conf not passed to req
2018-09-20 16:50:02 -06:00
David Garske
427c62e04a
Merge pull request #1841 from kaleb-himes/CERT_UPDATE_REFACTOR
...
Cert update refactor
2018-09-20 14:24:06 -07:00
kaleb-himes
17ebb0ea49
Update certs to address nightly failure with disable sha enable crl
2018-09-19 15:22:08 -06:00
kaleb-himes
f3fd67c54b
White space updates and revert cnf changes in lieu of PR #1734
2018-09-19 14:54:19 -06:00
kaleb-himes
4f6ee556dc
Refactor the cert renewal scripts with error handling
...
Portability updates
2018-09-19 14:47:21 -06:00
David Garske
575382e5a9
Fix for load location test to handle multiple failure codes (failure may return ProcessFile error code or WOLFSSL_FAILURE). Moved expired certs and setup load location test for expired certs.
2018-09-07 15:30:30 -07:00
David Garske
ae3d8d3779
* Fixed `wolfSSL_CTX_load_verify_locations` to continue loading if there is an error (ZD 4265).
...
* Added new `wolfSSL_CTX_load_verify_locations_ex` that supports flags `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, `WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY` and `WOLFSSL_LOAD_FLAG_PEM_CA_ONLY`.
* Fix for `PemToDer` to handle PEM which may include a null terminator in length at end of file length causing wrong error code to be returned. Added test case for this. (ZD 4278)
* Added macro to override default flags for `wolfSSL_CTX_load_verify_locations` using `WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS`.
* Added tests for loading CA PEM's from directory using `wolfSSL_CTX_load_verify_locations` and `wolfSSL_CTX_load_verify_locations_ex` with flags.
* Added tests for `wolfSSL_CertManagerLoadCABuffer`.
* Updated the expired test certs and added them to `./certs/test/gen-testcerts.sh` script.
2018-09-06 12:51:22 -07:00
Eric Blankenhorn
bb574d28b2
Support for more cert subject OIDs and raw subject access ( #1734 )
...
* Add businessCategory OID
* Raw subject support methods
* Support for jurisdiction OIDs
* Wrap in WOLFSSL_CERT_EXT
* Adding tests
2018-08-12 12:53:29 -07:00
John Safranek
0240cc7795
add missing certificates to the automake include
2018-07-12 17:06:02 -07:00
John Safranek
adb3cc5a5a
Subject Alt Name Matching
...
1. Added certificates for localhost where the CN and SAN match and differ.
2. Change subject name matching so the CN is checked if the SAN list doesn't exit, and only check the SAN list if present.
3. Added a test case for the CN/SAN mismatch.
4. Old matching behavior restored with build option WOLFSSL_ALLOW_NO_CN_IN_SAN.
5. Add test case for a correct certificate.
Note: The test for the garbage certificate should fail. If you enable the old behavior, that test case will start succeeding, causing the test to fail.
2018-07-02 13:39:11 -07:00
David Garske
61056829c5
Added success test cases for domain name match (SNI) in common name and alternate name.
2018-06-13 09:26:54 -07:00
David Garske
8fa1592542
Fix to use SHA256 for the self-signed test certificates.
2018-06-12 16:12:29 -07:00