summaryrefslogtreecommitdiff
path: root/usr.sbin/rpki-client/cert.c
AgeCommit message (Expand)Author
2021-11-05Simplify how IP addresses and AS numbers are passed between processes.Claudio Jeker
2021-11-04Instead of passing tal descriptions around just pass a tal id andClaudio Jeker
2021-11-02Only add CA certificates to the auth tree, skip BGPsec certificates.Claudio Jeker
2021-11-01Further simplify cert and auth handling. Move common code into auth_insertClaudio Jeker
2021-10-28Don't exit in certain cases on failures to parse x509 objects.Bob Beck
2021-10-27Add limits on size of certain untrusted inputsBob Beck
2021-10-26Also move the cert parser code away from using BIO.Claudio Jeker
2021-10-23Finnally move away from blocking reads in rpki-client. The code was aClaudio Jeker
2021-10-15zap 3 commentsJob Snijders
2021-10-12Emit SKI in the JSON output and improve flow in x509_get_pubkey()Job Snijders
2021-10-11Add support for BGPsec Router Certificates (RFC 8209)Job Snijders
2021-10-07Make sure BGPsec router certs don't have a SIAJob Snijders
2021-10-07Clarify error messageJob Snijders
2021-10-07Add x509_get_expire() to extract the not-after time from a certificateClaudio Jeker
2021-10-05Add rudimentary support for BGPsec router certificatesJob Snijders
2021-09-09Rework how various OIDs are compared in the code.Claudio Jeker
2021-07-13Add more checks for eContent 'version' fields.job
2021-05-27Fix more warningsjob
2021-05-27Fix warningjob
2021-03-05Factor out the URI check we do in various places into valid_uri().Claudio Jeker
2021-02-18Use X509_get_ext_d2i() also for x509_get_aki() and x509_get_ski().Claudio Jeker
2021-02-16get Authority Information Access (AIA) from CA & EE certsjob
2021-02-08Extract the 1.3.6.1.5.5.7.48.5 (caRepository) SIA from the certificate.Claudio Jeker
2021-02-04Eventhough most openssl includes include everything try to be a bit moreClaudio Jeker
2021-01-29A while ago rpki-client was changed to validate the sha256 hashes ofClaudio Jeker
2021-01-08Start using the ibuf API (ibuf_dynamic, ibuf_add, ibuf_close) for writingClaudio Jeker
2020-12-21Now that a NULL string is marshalled as NULL again we can drop someClaudio Jeker
2020-12-07Limit the URL embedded in .cer files to only consist out of isalnum orClaudio Jeker
2020-10-24Refactor sbgp_sia_resource_mft() similar to sbgp_sia_resource_notify().Claudio Jeker
2020-09-12Include openssl/x509.h in extern.h since it uses a few of the typedefs fromClaudio Jeker
2020-07-28One tiny step towards adding RRDP support in rpki-client.Claudio Jeker
2020-07-27Fix return value check for openssl API. Do not return success if pkey is NULL.tobhe
2020-04-02Use fopen() and BIO_new_fd() instead of BIO_new_file so that a possibleClaudio Jeker
2020-02-26ugly spaces offended meTheo de Raadt
2019-11-29commited at minus 21 degCSebastian Benoit
2019-11-28Convert the auths array into an RB tree indexed by SKI. For fast lookupsClaudio Jeker
2019-11-28The root certs do not have a CRL distribution point extension so don'tClaudio Jeker
2019-11-28Use x509_get_crl() to get the crl distribution point out of the x509 cert.Claudio Jeker
2019-11-28To verify a manifest, a roa, or a certificate, we check its signatureSebastian Benoit
2019-11-27Only store ta certs in the trust store and build chains of theSebastian Benoit
2019-08-13Show the most common warnings only if verbose is set. Most of these warningsClaudio Jeker
2019-06-20Rewrite some if () { } else if () {} chains into multiple independentClaudio Jeker
2019-06-19use $OpenBSD$ headersTheo de Raadt
2019-06-19indentation adjustments, in particular near warn statementsTheo de Raadt
2019-06-19swap comparisonsTheo de Raadt
2019-06-17Don't do -portable in base. It is better done outside the tree.Theo de Raadt
2019-06-17Import Kristaps Dzonsons' RPKI validator into the treejob
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-29 03:13:22 +0000