Age | Commit message (Collapse) | Author |
|
|
|
Some certificate issuers like Apple use USA instead of US as a country
name. This makes handshake with a server not possible as this considered
as not valid certificate. This commit eases that requirement to allow
both 2 and 3 letters country names.
|
|
|
|
|
|
|
|
|
|
|
|
At the bottom of the file PKIX1Explicit88.asn1 there is a commenet
about upper bounds and diffrent types of strings. Adhere to this
so that we can accept all certificates that openSSL does.
For example: httpc:request("https://dl.sciencesocieties.org/").
|
|
|
|
* E.I bitstrings will not be decode as {Unused, Binary}, they are now
Erlang bitstrings.
* Also the compact_bit_string implies the legacy_erlang_types switch
- So removing the switch will also make OCTET STRING values be represented
as binaries.
- Undecoded open type will now be wrapped in a asn1_OPENTYPE tuple.
We need to handle this in pubkey_pbe.erl, maybe this can be eliminated
later by updating/refreshing ASN1-specs.
This will change some values in records returned by the public_key API
making this change a potentiall incompatibility.
|
|
|
|
|
|
Author: Daniel Barney <[email protected]>
Date: Thu Oct 25 14:33:11 2012 -0600
Most common browsers are lax in thier handling of how the
emailAddress field is encoded. RFC 3280 section 4.1.2.6
defines the encoding as IA5String, however browsers will
also handle certificates with the emailAddress field
encoded as UTF8String. This fix allows the emailAddress
to be decoded as both an IA5String and an UTF8String.
Reviewed by: Andrew Bennett <[email protected]>
|
|
|
|
|
|
|
|
Some certificates may use these OIDs instead of the ones defined by
PKIX/PKCS standard.
Refactor code so that all handling of the "duplicate" oids is done by
public_key.
Update algorithm information in documentation.
|
|
* bjorn/asn1/further-cleanup/OTP-10588: (28 commits)
Don't export encode_disp/2 and decode_disp/2 in generated modules
Remove vestiges of support for the {TypeName,Value} notation
Simplify the functions for decoding lengths
per,uper: Optimize decoding of the remaining data types
per,uper: Optimize decoding of the remaining string types
Share all code for dec_gen_prim/3 between per/uper back-ends
per,uper: Optimize decoding of the string data types
testPrimStrings: Test some constraints
By default, encode BIT STRING to bitstrings
Teach encode functions to accept a bitstring term for a BIT STRING
Fix EXTERNAL 1990/1994 conversion information loss
uper: Look up some SizeConstraints at compile-time
Enumeration decoding: Don't emit a default clause if it cannot match
Slightly optimize per encoding of large INTEGERs with constraints
BER run-time: Refactor decoding of string data types
Refactor decoding of BIT STRINGs
Optimize encoding of ENUMERATED in per and uper
Remove the unused run-time modules
eldap: Remove calls to undocumented asn1rt* functions
BER: Correct bug in 'undec_rest'
...
|
|
Due to some limitations in the ASN-1 compiler we inline
some PKCS-9 in other specs for now.
Also corrected documentation.
|
|
|
|
* nox/enable-silent-rules/OTP-10726:
Implement ./otp_build configure --enable-silent-rules
|
|
With silent rules, the output of make is less verbose and compilation
warnings are easier to spot. Silent rules are disabled by default and
can be disabled or enabled at will by make V=0 and make V=1.
|
|
|
|
|
|
|
|
Used defenitions from PKIX1Explicit88 to avoid most
of the overcomplicated InformationalFrameWork (and friends) ASN-1 specs.
We want to keep the public_key API as small and simple as possible.
|
|
|
|
The ASN-1 compiler could not handle these IMPORTS properly causing
compilation errors.
|
|
First attempt to add PKCS-7 does not compile
|
|
|
|
|
|
utf8 and close down gracefully if other ASN-1 errors occur.
The reason certificate_unknown that is used as ALERT for ASN-1 encoding failure is described as:
Some other (unspecified) issue arose in processing the
certificate, rendering it unacceptable.
|
|
|
|
OTP-10106
OTP-10107
|
|
to deal with changes to the pkits suite.
|
|
Include some of parts of InformationFramework in PKCS-8 to avoid
having a lot of other asn1 specs included that are not really used.
|
|
* ia/public_key/ssl/crypto/PKCS-8/OTP-9312:
Add clause for expected input to pubkey:pseudo_random_function/2 when ASN-1 compiler is fixed.
Clean up of public_key code adding specs and documentation
Added PKCS-8 support in ssl
Additions to crypto and public_key needed for full PKCS-8 support
Add PKCS-8 support to public_key
|
|
|
|
|
|
|
|
|
|
|
|
* bjorn/parallel-make/OTP-9451: (28 commits)
erl_interface: Support parallel make
dialyzer: Remove special-case build in the top Makefile
pcre: Rename Makefile.in to pcre.mk and include it
cos*/src/Makefile: Support parallel make
ic: Support parallel make
orber: Support parallel make
.gitignore: Ignore IDL-GENERATED
public_key: Support parallel make
ssh: Support parallel make
os_mon: Support parallel make
diameter: Support parallel make
snmp: Support parallel make
megaco: Support parallel make
megaco/src/flex/Makefile.in: Support parallel make
*/c_src/Makefile*: Support parallel make
eunit: Support parallel make
gs: Support parallel make
common_test Makefile: Support parallel make
erts/emulator/Makefile.in: Support parallel make
erts: Fix dependency generation
...
|
|
|
|
asn1 will use an erlang fallback if the nifs are not found
|
|
DSS-Params may be null in a certificate as it can inherit the
parameters.
Also ignore CA-certs that do not follow ASN-1 spec in RFC 5280.
|
|
certificates.
|
|
|
|
|