path: root/lib/public_key
Age | Commit message | Author
2015-03-09 | Merge branch 'mururu/fix-type' into maint | Zandra Hird
* mururu/fix-type: Fix typos in the public_key doc OTP-12549
2015-03-09 | public_key: Improve CRL handling support | Ingela Anderton Andin
2015-02-24 | Fix typos in the public_key doc | Yuki Ito
2014-09-15 | Update release notes | Erlang/OTP
2014-09-15 | Update version numbers | Erlang/OTP
2014-09-11 | public_key: Fix link errors in documentation | Ingela Anderton Andin
2014-09-09 | ssl, public_key: Add new option partial_chain | Ingela Anderton Andin
Check that the certificate chain ends with a trusted ROOT CA i.e. a self-signed certificate, but provide an option partial_chain to enable the application to define an intermediate CA as trusted.

TLS RFC says:

"unknown_ca A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal."

and also states:

"certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case."

X509 RFC says:

"The selection of a trust anchor is a matter of policy: it could be the top CA in a hierarchical PKI, the CA that issued the verifier's own certificate(s), or any other CA in a network PKI. The path validation procedure is the same regardless of the choice of trust anchor. In addition, different applications may rely on different trust anchors, or may accept paths that begin with any of a set of trust anchors."
2014-09-05 | public_key: Correct documentation of ASN-1 type utf8String | Ingela Anderton Andin
2014-08-27 | public_key: Fix spec and documentation for pkix_crls_validate | Ingela Anderton Andin
2014-08-27 | public_key: Fix spec and documentation for PBES | Ingela Anderton Andin
2014-08-25 | public_key: Add encoding functionality for PBES1 and PBES2 | Ingela Anderton Andin
2014-08-22 | public_key: Add PBES1 decoding support | Ingela Anderton Andin
2014-08-14 | public_key: Updated User Guide with ECC records | Ingela Anderton Andin
2014-08-08 | public_key: Correct ASN1-type EcpkParameters in PEM handling | Ingela Anderton Andin
2014-08-08 | public_key: Correct ASN-1 spec | Ingela Anderton Andin
2014-04-07 | Update release notes | Erlang/OTP
2014-04-03 | public_key: Fix typo | Ingela Anderton Andin
2014-04-02 | public_key: Document issuer_fun option to pkix_crls_validate/3 | Ingela Anderton Andin
2014-04-01 | public_key: Update outdated links | Ingela Anderton Andin
2014-03-26 | ssl, pubkey: Code and test adjustments | Hans Nilsson
2014-03-26 | Rework IDP validation according to the RFC, fix public_key tests | Andrew Thompson
2014-03-26 | Various improvements to CRL handling | Andrew Thompson
* Handle v1 CRLs, with no extensions.
* Compare the IDP on a CRL correctly, if present
* Don't try to double-decode altnames

Tests are also included, and the make_certs testing tool in the SSL application has been greatly extended.
2014-03-25 | pubkey: Fixed unicode conversion | Hans Nilsson
2014-03-20 | Introduce runtime_dependencies in .app files | Rickard Green
Most dependencies introduced are exactly the dependencies to other applications found by xref. That is, there might be real dependencies missing. There might also be pure debug dependencies listed that probably should be removed. Each application has to be manually inspected in order to ensure that all real dependencies are listed. All dependencies introduced are to application versions used in OTP 17.0. This since the previously used version scheme wasn't designed for this, and in order to minimize the work of introducing the dependencies.
2014-03-20 | Bump versions and ensure that all are "normal" versions | Rickard Green
Ensure all are "normal" versions according to the new version scheme introduced in OTP 17.0
2014-02-24 | Add test suites performing app and appup file checks | Tobias Schlager
Add the mentioned test suites for *all* library and touched non-library applications.
2014-02-18 | Fix library application appup files | Tobias Schlager
As discussed in issue #240 *all* OTP library applications use the '.*' wildcard as up and down version. This makes library applications always up- and downgradeable. Using the wildcard version obsoletes all maintenance tasks regarding library applications' appup files. Additionally, it prevents upgrade problems caused by automatically included application dependencies when using reltool to create releases. Missing copyright headers are now consistently present.
2014-02-11 | Merge branch 'tuncer/fix-public_key-specs' | Henrik Nord
* tuncer/fix-public_key-specs: public_key(3): fix private_key/0 type definition OTP-11627
2014-02-06 | public_key(3): fix private_key/0 type definition | Tuncer Ayaz
2014-02-06 | public_key: Export some dialyzer types | Ingela Anderton Andin
Move dialyzer types from include file to erl file and use -export_type
2014-01-28 | Consistently format public_key(3) | Tuncer Ayaz
When documenting public_key/0 and private_key/0, I noticed the inconsistent state of formatting in public_key(3)'s Data Types section. This should be fixed for consistency and readability.
2014-01-28 | Fix incorrect use of public_key:private_key/0 type | Tuncer Ayaz
public_key:private_key/0 was referenced but undefined, and lib/ssl had a local definition of private_key/0. To fix that, make the following changes:
* add public_key:private_key/0 type
* document public_key/0 and private_key/0
* fix incorrect definitions and references
2014-01-28 | Fix incorrect proplists type reference | Tuncer Ayaz
ssh and public_key were referring to proplists:proplists/0 which does not exist. Fix by using the correct type proplists:proplist/0.
2014-01-13 | public_key: add brainpool elliptic curves (RFC-5639) | Andreas Schultz
2013-12-10 | Merge tag 'OTP_R16B03' | Magnus Lidén
The R16B03 release Conflicts: lib/sasl/vsn.mk
2013-12-09 | Prepare release OTP_R16B03 | Erlang/OTP
2013-12-02 | Merge branch 'maint' | Ingela Anderton Andin
2013-12-02 | ssl, public_key: Dialyzer fixes | Ingela Anderton Andin
2013-11-15 | Merge branch 'maint' | Fredrik Gustafsson
2013-11-08 | public_key_SUITE: Rename id-at-countryName to id-emailAddress | Andrew Bennett
2013-11-07 | public_key: Workaround for incorrectly encoded utf8 emailAddress | Andrew Bennett
Author: Daniel Barney <[email protected]>
Date: Thu Oct 25 14:33:11 2012 -0600

Most common browsers are lax in their handling of how the emailAddress field is encoded. RFC 3280 section 4.1.2.6 defines the encoding as IA5String, however browsers will also handle certificates with the emailAddress field encoded as UTF8String. This fix allows the emailAddress to be decoded as both an IA5String and an UTF8String.

Reviewed by: Andrew Bennett <[email protected]>
2013-10-10 | public_key: change encoding to utf8 | Fredrik Gustafsson
2013-10-10 | Merge branch 'maint' | Fredrik Gustafsson
2013-10-10 | fix a little typo in public_key documentation | Tomas Morstein
In the example of `public_key:pem_entry_encode/2`, the result should match to `PemEntry` rather than to `PemBin` since `PemEntry` is expected as an input argument of `public_key:pem_encode/1` called just on the next line of the example.
2013-09-17 | Merge tag 'OTP_R16B02' | Magnus Lidén
The R16B02 release Conflicts: lib/sasl/vsn.mk
2013-09-16 | Prepare release OTP_R16B02 | Erlang/OTP
2013-09-02 | Merge branch 'maint' | Fredrik Gustafsson
2013-09-02 | Merge branch 'dotsimon/pubkey_aes_cbc/OTP-11281' into maint | Fredrik Gustafsson
* dotsimon/pubkey_aes_cbc/OTP-11281: Allow public_key:pem_entry_decode/2) to handle AES-128-CBC ciphered keys
2013-09-02 | Merge remote-tracking branch 'upstream/maint' | Ingela Anderton Andin
2013-08-29 | Allow public_key:pem_entry_decode/2) to handle AES-128-CBC ciphered keys | Simon Cornish
Private keys generated by modern versions of ssh-keygen are ciphered with AES-128-CBC instead of DES-EDE3-CBC. Since DES-EDE3-CBC ciphered keys are handled, and the underlying support for AES-128-CBC is already present, it seems a bug of omission that AES-128-CBC ciphered keys are not.