Martin Willi
4d7a762871
credmgr: introduce a hook function to catch trust chain validation errors
2013-07-18 16:00:30 +02:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Martin Willi
fd4ff11858
Add signature schemes to auth_cfg during trustchain validation
2012-06-12 14:24:49 +02:00
Martin Willi
747f837cce
Added a flag to register local credential sets exclusively, disabling all others
2012-03-20 17:31:28 +01:00
Thomas Egerer
6e5e2762d3
Handle certificates being on hold in a CRL
...
Certificates which are set on hold in a CRL might be removed from any
subsequent CRL. Hence you cannot conclude that a certificate is revoked
for good in this case, you would try to retrieve an update CRL to see if
the certificate on hold is still on it or not.
2011-11-04 11:11:17 +01:00
Andreas Steffen
d390b3b901
[hopefully] fixed pathlen problem on ARM platforms
2011-02-10 15:51:18 +01:00
Martin Willi
7b3740d958
Added support for delta CRL checking to revocation plugin
2011-01-05 16:46:07 +01:00
Martin Willi
d3a18dade1
Check for issuer only if we actually got a CRL
2011-01-05 16:46:06 +01:00
Martin Willi
6aba6ff061
Pass an additional anchor flag to validate() hook if we reach the root CA
2011-01-05 16:46:04 +01:00
Martin Willi
09e319d419
Always pass auth info to validate(), use pathlen to check for user certificate
2011-01-05 16:46:04 +01:00
Martin Willi
a6478a0402
Simplified format of x509 CRL URI parsing/enumerator
2011-01-05 16:46:03 +01:00
Martin Willi
6840a6fb98
CRL/OCSP validation stores trustchain information in auth_cfg
2011-01-05 16:45:56 +01:00
Martin Willi
7d7beaa1fa
Use certificate CRLIssuer information to look up cacched CRLs or CDPs
2011-01-05 16:45:56 +01:00
Martin Willi
4e508517d7
Added support for CRL Issuers to x509 and OpenSSL plugins
2011-01-05 16:45:55 +01:00
Martin Willi
0406eeaacb
Support different encoding types in certificate.get_encoding()
2010-07-13 13:53:20 +02:00
Martin Willi
da9724e6d0
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding
2010-07-13 11:29:35 +02:00
Martin Willi
c2e5cee413
Moved CRL/OCSP checking to a dedicated plugin called revocation
2010-07-13 10:26:07 +02:00