summaryrefslogtreecommitdiff
path: root/usr.sbin/rpki-client/cert.c
AgeCommit message (Expand)Author
2022-02-04More consistency in the return code docs.Theo Buehler
2022-02-04Document certificate_policies() in a comment.Theo Buehler
2022-02-04Ensure that certificate policies follow RFC 7318Theo Buehler
2022-01-20Move the notBefore and notAfter checks from proc_parser_root_cert()Claudio Jeker
2022-01-18Use X509_get0_pubkey() for opk and remove the EVP_PKEY_free(opk).Claudio Jeker
2022-01-18Change cert_parse() and ta_parse() to no longer take a x509 handle asClaudio Jeker
2022-01-18Cleanup the scattered OBJ_txt2obj() calls and move them intoClaudio Jeker
2021-12-26fix spelling of inheritanceTheo Buehler
2021-12-26Check ipAddrBlock and autonomousSysNum for criticalityTheo Buehler
2021-11-05Simplify how IP addresses and AS numbers are passed between processes.Claudio Jeker
2021-11-04Instead of passing tal descriptions around just pass a tal id andClaudio Jeker
2021-11-02Only add CA certificates to the auth tree, skip BGPsec certificates.Claudio Jeker
2021-11-01Further simplify cert and auth handling. Move common code into auth_insertClaudio Jeker
2021-10-28Don't exit in certain cases on failures to parse x509 objects.Bob Beck
2021-10-27Add limits on size of certain untrusted inputsBob Beck
2021-10-26Also move the cert parser code away from using BIO.Claudio Jeker
2021-10-23Finnally move away from blocking reads in rpki-client. The code was aClaudio Jeker
2021-10-15zap 3 commentsJob Snijders
2021-10-12Emit SKI in the JSON output and improve flow in x509_get_pubkey()Job Snijders
2021-10-11Add support for BGPsec Router Certificates (RFC 8209)Job Snijders
2021-10-07Make sure BGPsec router certs don't have a SIAJob Snijders
2021-10-07Clarify error messageJob Snijders
2021-10-07Add x509_get_expire() to extract the not-after time from a certificateClaudio Jeker
2021-10-05Add rudimentary support for BGPsec router certificatesJob Snijders
2021-09-09Rework how various OIDs are compared in the code.Claudio Jeker
2021-07-13Add more checks for eContent 'version' fields.job
2021-05-27Fix more warningsjob
2021-05-27Fix warningjob
2021-03-05Factor out the URI check we do in various places into valid_uri().Claudio Jeker
2021-02-18Use X509_get_ext_d2i() also for x509_get_aki() and x509_get_ski().Claudio Jeker
2021-02-16get Authority Information Access (AIA) from CA & EE certsjob
2021-02-08Extract the 1.3.6.1.5.5.7.48.5 (caRepository) SIA from the certificate.Claudio Jeker
2021-02-04Eventhough most openssl includes include everything try to be a bit moreClaudio Jeker
2021-01-29A while ago rpki-client was changed to validate the sha256 hashes ofClaudio Jeker
2021-01-08Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writingClaudio Jeker
2020-12-21Now that a NULL string is marshalled as NULL again we can drop someClaudio Jeker
2020-12-07Limit the URL embedded in .cer files to only consist out of isalnum orClaudio Jeker
2020-10-24Refactor sbgp_sia_resource_mft() similar to sbgp_sia_resource_notify().Claudio Jeker
2020-09-12Include openssl/x509.h in extern.h since it uses a few of the typedefs fromClaudio Jeker
2020-07-28One tiny step towards adding RRDP support in rpki-client.Claudio Jeker
2020-07-27Fix return value check for openssl API. Do not return success if pkey is NULL.tobhe
2020-04-02Use fopen() and BIO_new_fd() instead of BIO_new_file so that a possibleClaudio Jeker
2020-02-26ugly spaces offended meTheo de Raadt
2019-11-29commited at minus 21 degCSebastian Benoit
2019-11-28Convert the auths array into an RB tree indexed by SKI. For fast lookupsClaudio Jeker
2019-11-28The root certs do not have a CRL distribution point extension so don'tClaudio Jeker
2019-11-28Use x509_get_crl() to get the crl distribution point out of the x509 cert.Claudio Jeker
2019-11-28To verify a manifest, a roa, or a certificate, we check its signatureSebastian Benoit
2019-11-27Only store ta certs in the trust store and build chains of theSebastian Benoit
2019-08-13Show the most common warnings only if verbose is set. Most of these warningsClaudio Jeker
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-26 22:20:54 +0000