| Age | Commit message (Collapse) | Author |
|---|
|
* legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530:
Skip crl_hash_dir_expired test for LibreSSL
Add ssl_crl_hash_dir module
Function for generating OpenSSL-style name hashes
Add public_key:pkix_match_dist_point
Improve formatting for crl_{check,cache} options
Add issuer arg to ssl_crl_cache_api lookup callback
Conflicts:
lib/public_key/test/public_key_SUITE.erl
|
|
|
|
* henrik/update-copyrightyear:
update copyright-year
|
|
OpenSSL has functions to generate short (eight hex digits) hashes of
issuers of certificates and CRLs. These hashes are used by the
"c_rehash" script to populate directories of CA certificates and CRLs,
e.g. in the Apache web server. Adding this function lets an Erlang
program find the right CRL for a given certificate in such a
directory.
|
|
|
|
|
|
Also add missing test for PEM encoded private EC keys.
|
|
RFC 1421 Privacy Enhancement for Electronic Mail February 1993
Encapsulated Message
Pre-Encapsulation Boundary (Pre-EB)
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Encapsulated Header Portion
(Contains encryption control fields inserted in plaintext.
Examples include "DEK-Info:" and "Key-Info:".
Note that, although these control fields have line-oriented
representations similar to RFC 822 header fields, the set
of fields valid in this context is disjoint from those used
in RFC 822 processing.)
Blank Line
(Separates Encapsulated Header from subsequent
Encapsulated Text Portion)
Encapsulated Text Portion
(Contains message data encoded as specified in Section 4.3.)
Post-Encapsulation Boundary (Post-EB)
-----END PRIVACY-ENHANCED MESSAGE-----
|
|
|
|
Also tool (public_key:gen_moduli_hrl) to convert an openssh moduli file to erlang format.
|
|
|
|
|
|
|
|
Added encode/decode for ecdsa public keys in openssh and rfc4716
format. This is for the ssh public key algorithm ecdsa-sha2-*.
|
|
|
|
Erlang bitstring type only uses as many bits as required, and
does not use padding to create complete bytes as ASN1 compact_bitstring
did. crypto:verify/5 will now fail, for some incorrect signatures
as it expects complete bytes which an incorrect signature may not have.
Instead of catching the failing crypto function and then returning
false we check the input and reject it right away.
|
|
* E.I bitstrings will not be decode as {Unused, Binary}, they are now
Erlang bitstrings.
* Also the compact_bit_string implies the legacy_erlang_types switch
- So removing the switch will also make OCTET STRING values be represented
as binaries.
- Undecoded open type will now be wrapped in a asn1_OPENTYPE tuple.
We need to handle this in pubkey_pbe.erl, maybe this can be eliminated
later by updating/refreshing ASN1-specs.
This will change some values in records returned by the public_key API
making this change a potentiall incompatibility.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Handle v1 CRLs, with no extensions.
* Compare the IDP on a CRL correctly, if present
* Don't try to double-decode altnames
Tests are also included, and the make_certs testing tool in the SSL
application has been greatly extended.
|
|
|
|
Most dependencies introduced are exactly the dependencies to other
applications found by xref. That is, there might be real dependencies
missing. There might also be pure debug dependencies listed that
probably should be removed. Each application has to be manually
inspected in order to ensure that all real dependencies are listed.
All dependencies introduced are to application versions used in
OTP 17.0. This since the previously used version scheme wasn't
designed for this, and in order to minimize the work of introducing
the dependencies.
|
|
As discussed in issue #240 *all* OTP library applications use the '.*'
wildcard as up and down version. This makes library applications
always up- and downgradeable. Using the wildcard version obsoletes
all maintenance tasks regarding library applications' appup files.
Additionally, it prevents upgrade problems caused by automatically
included application dependencies when using reltool to create
releases. Missing copyright headers are now consistently present.
|
|
Move dilayzer types from include file to erl file and use
-export_type
|
|
|
|
|
|
|
|
|
|
Author: Daniel Barney <[email protected]>
Date: Thu Oct 25 14:33:11 2012 -0600
Most common browsers are lax in thier handling of how the
emailAddress field is encoded. RFC 3280 section 4.1.2.6
defines the encoding as IA5String, however browsers will
also handle certificates with the emailAddress field
encoded as UTF8String. This fix allows the emailAddress
to be decoded as both an IA5String and an UTF8String.
Reviewed by: Andrew Bennett <[email protected]>
|
|
|
|
Private keys generated by modern versions of ssh-keygen are ciphered
with AES-128-CBC instead of DES-EDE3-CBC.
Since DES-EDE3-CBC ciphered keys are handled, and the underlying
support for AES-128-CBC is already present, it seems a bug of omission
that AES-128-CBC ciphered keys are not.
|
|
|
|
|
|
* ia/public_key/crypto/prepare-for-release:
public_key & ssl: Add ASN-1 dependency
crypto & public_key: prepare for release
|
|
|
|
As the ASN-1 application relies on a nif in R16 for decodeing (that
was not the case in R15), public_key currently has a runtime
dependency on ASN-1. Hopefully we will be able to remove this
dependency again in the future.
|
|
|
|
Conflicts:
bootstrap/lib/stdlib/ebin/beam_lib.beam
lib/public_key/test/erl_make_certs.erl
|
|
|
|
to conform with the return value of the other types.
|
|
|
|
Conflicts:
lib/crypto/doc/src/crypto_app.xml
|
|
|
