| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
5268c7b957c30c31e551f197463cdd55a792ea69
|
|
* legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530:
Skip crl_hash_dir_expired test for LibreSSL
Add ssl_crl_hash_dir module
Function for generating OpenSSL-style name hashes
Add public_key:pkix_match_dist_point
Improve formatting for crl_{check,cache} options
Add issuer arg to ssl_crl_cache_api lookup callback
Conflicts:
lib/public_key/test/public_key_SUITE.erl
|
|
|
|
|
|
public_key use cases are cryptographical so use
crypto:strong_rand_bytes/1 instead.
|
|
* henrik/update-copyrightyear:
update copyright-year
|
|
OpenSSL has functions to generate short (eight hex digits) hashes of
issuers of certificates and CRLs. These hashes are used by the
"c_rehash" script to populate directories of CA certificates and CRLs,
e.g. in the Apache web server. Adding this function lets an Erlang
program find the right CRL for a given certificate in such a
directory.
|
|
|
|
Also add missing test for PEM encoded private EC keys.
|
|
RFC 1421 Privacy Enhancement for Electronic Mail February 1993
Encapsulated Message
Pre-Encapsulation Boundary (Pre-EB)
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Encapsulated Header Portion
(Contains encryption control fields inserted in plaintext.
Examples include "DEK-Info:" and "Key-Info:".
Note that, although these control fields have line-oriented
representations similar to RFC 822 header fields, the set
of fields valid in this context is disjoint from those used
in RFC 822 processing.)
Blank Line
(Separates Encapsulated Header from subsequent
Encapsulated Text Portion)
Encapsulated Text Portion
(Contains message data encoded as specified in Section 4.3.)
Post-Encapsulation Boundary (Post-EB)
-----END PRIVACY-ENHANCED MESSAGE-----
|
|
Added encode/decode for ecdsa public keys in openssh and rfc4716
format. This is for the ssh public key algorithm ecdsa-sha2-*.
|
|
|
|
|
|
Add the mentioned test suites for *all* library and touched
non-library applications.
|
|
|
|
Author: Daniel Barney <[email protected]>
Date: Thu Oct 25 14:33:11 2012 -0600
Most common browsers are lax in thier handling of how the
emailAddress field is encoded. RFC 3280 section 4.1.2.6
defines the encoding as IA5String, however browsers will
also handle certificates with the emailAddress field
encoded as UTF8String. This fix allows the emailAddress
to be decoded as both an IA5String and an UTF8String.
Reviewed by: Andrew Bennett <[email protected]>
|
|
|
|
to clean up.
|
|
As the ASN-1 application relies on a nif in R16 for decodeing (that
was not the case in R15), public_key currently has a runtime
dependency on ASN-1. Hopefully we will be able to remove this
dependency again in the future.
|
|
|
|
Some certificates may use these OIDs instead of the ones defined by
PKIX/PKCS standard.
Refactor code so that all handling of the "duplicate" oids is done by
public_key.
Update algorithm information in documentation.
|
|
|
|
|
|
|
|
|
|
Note that PKCS-7 is an undocumented feature for now.
Also added some minor enhancements to the documentation.
|
|
Used defenitions from PKIX1Explicit88 to avoid most
of the overcomplicated InformationalFrameWork (and friends) ASN-1 specs.
We want to keep the public_key API as small and simple as possible.
|
|
|
|
containing withespaces correctly
|
|
utf8 and close down gracefully if other ASN-1 errors occur.
The reason certificate_unknown that is used as ALERT for ASN-1 encoding failure is described as:
Some other (unspecified) issue arose in processing the
certificate, rendering it unacceptable.
|
|
|
|
|
|
This reverts commit c7e5f7576e213060cbb332be64a7c3798f6a2cc2.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This patch allows the public_key module to decode and encode RSA and DSA
keys encoded using the SubjectPublicKeyInfo format. When
pem_entry_encode is called on an RSA or DSA public key type, the key is
wrapped in the SubjectPublicKeyInfo format.
|
|
|
|
|
|
Data to sign and verify should be inputed as binaries.
Also cleaned up and moved some dialyzer specs.
|
|
maint-r14
* ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873:
Peer awarness
|
|
Changed the verify fun so that it differentiate between the peer
certificate and CA certificates by using valid_peer or valid as the
second argument to the verify fun. It may not always be trivial or
even possible to know when the peer certificate is reached otherwise.
|
