aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key
AgeCommit message (Collapse)Author
2010-11-30Fixed guard and test caseIngela Anderton Andin
Data to sign and verify should be inputed as binaries. Also cleaned up and moved some dialyzer specs.
2010-11-29Fixed broken links in the documentation and dialyzer warningsIngela Anderton Andin
2010-10-20Fixed typo in dialyzer spec.Ingela Anderton Andin
2010-10-01Merge branch 'maint-r14' into devIngela Anderton Andin
Conflicts: lib/public_key/src/pubkey_cert.erl
2010-09-29Prepare releaseErlang/OTP
2010-09-29Merge branch 'ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873' into ↵Erlang/OTP
maint-r14 * ia/ssl-and-public_key/verify_fun_peer_awarness/OTP-8873: Peer awarness
2010-09-29Merge branch 'ia/public_key/basic_constraints/OTP-8867' into maint-r14Erlang/OTP
* ia/public_key/basic_constraints/OTP-8867: Better handling of v1 and v2 certificates.
2010-09-29Peer awarnessIngela Anderton Andin
Changed the verify fun so that it differentiate between the peer certificate and CA certificates by using valid_peer or valid as the second argument to the verify fun. It may not always be trivial or even possible to know when the peer certificate is reached otherwise.
2010-09-28Better handling of v1 and v2 certificates.Ingela Anderton Andin
V1 and v2 certificates does not have any extensions so then validate_extensions should just accept that there are none and not end up in missing_basic_constraints clause.
2010-09-27Merge branch 'ia/public_key/basic_constraints/OTP-8867' into devIngela Anderton Andin
* ia/public_key/basic_constraints/OTP-8867: Better handling of v1 and v2 certificates.
2010-09-27Merge branch 'ia/ssl-and-public_key/backwards-compatibility/OTP-8858' into devIngela Anderton Andin
* ia/ssl-and-public_key/backwards-compatibility/OTP-8858: Backwards compatibility Conflicts: lib/ssl/src/ssl_certificate_db.erl Use short INFO-message. Debugging information can be fairly easily recreated so we do not want to clutter the logs.
2010-09-24Backwards compatibilityIngela Anderton Andin
Changed implementation to retain backwards compatibility for old option {verify, 0} that shall be equivalent to {verify, verify_none}, also separate the cases unknown CA and selfsigned peer cert, and restored return value of deprecated function public_key:pem_to_der/1.
2010-09-23Better handling of v1 and v2 certificates.Ingela Anderton Andin
V1 and v2 certificates does not have any extensions so then validate_extensions should just accept that there are none and not end up in missing_basic_constraints clause.
2010-09-21Handling of DSA key parametersIngela Anderton Andin
DSS-Params may be null in a certificate as it can inherit the parameters. Also ignore CA-certs that do not follow ASN-1 spec in RFC 5280.
2010-09-17Merge branch 'ia/fix-dialyzer-specs' into devIngela Anderton Andin
* ia/fix-dialyzer-specs: Corrected and added dialyzer specs
2010-09-15Corrected and added dialyzer specsIngela Anderton Andin
2010-09-13Prepare releaseOTP_R14BErlang/OTP
2010-09-10Improved certificate extension handlingIngela Anderton Andin
Added the functionality so that the verification fun will be called when a certificate is considered valid by the path validation to allow access to eachs certificate in the path to the user application. Removed clause that only check that a extension is not critical, it does alter the verification rusult only withholds information from the application. Try to verify subject-AltName, if unable to verify it let application try.
2010-09-10Add handling of SubjectAltName of type otherNameIngela Anderton Andin
2010-09-06Handling of path validation errors by the applicationIngela Anderton Andin
Changed the behavior of the verify_fun option so that the application can be responsible for handling path validation errors even on the server side. Also replaced the not yet documented validate_extensions_fun to be handled by the verify_fun instead. If the verify callback fun returns {fail, Reason}, the verification process is immediately stopped and an alert is sent to the peer and the TLS/SSL handshake is terminated. If the verify callback fun returns {valid, UserState}, the verification process is continued. If the verify callback fun always returns {valid, UserState}, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. The verify callback fun will also be able to verify application specific extensions.
2010-09-01Merge branch 'dgud/public_key/make_cert_fix' into devDan Gudmundsson
* dgud/public_key/make_cert_fix: Complete rename of erl_make_certs Rename Fix issuer issue in generated certs
2010-09-01Empty certificate chainIngela Anderton Andin
Handling of unkown CA certificats was changed in ssl and public_key to work as intended. In the process of doing this some test cases has been corrected as they where wrong but happened to work together with the incorrect unknown CA handling.
2010-08-31Complete rename of erl_make_certsDan Gudmundsson
2010-08-31RenameDan Gudmundsson
2010-08-31Fix issuer issue in generated certsDan Gudmundsson
2010-08-24Merge branch 'ia/public_key_api/OTP-8722' into devIngela Anderton Andin
* ia/public_key_api/OTP-8722: Revise the public_key API Resolved, version is now 0.8. Conflicts: lib/public_key/vsn.mk
2010-08-23Revise the public_key APIIngela Anderton Andin
Cleaned up and documented the public_key API to make it useful for general use.
2010-08-18Remove ticket numbers from all vsn.mk filesBjörn Gustavsson
Some application's vsn.mk files contained a list of the ticket numbers fixed in each version. Since that information can be obtained from the notes.xml file or from the merge commits in the git repository (provided that the branch name includes the ticket number), there is no reason to manually maintain that information in the vsn.mk files.
2010-06-15Added empty line for solaris sedDan Gudmundsson
2010-06-09Support new crypto functionIngela Anderton Andin
2010-06-08public_key: prepare for releaseDan Gudmundsson
2010-06-07Public key test fixesDan Gudmundsson
2010-06-03Fixed a bug in the spec which caused dsa parameters to be lost in the ↵Dan Gudmundsson
certificates.
2010-06-01OTP-8649 dg/public_key-test-coverageRaimo Niskanen
2010-05-11Updated vsnIngela Anderton Andin
2010-05-11Handling of empty certificate extensions OTP-8626Ingela Anderton Andin
2010-04-19Prepare for releaseDan Gudmundsson
2010-04-15** Empty commit message **Ingela Anderton Andin
2010-04-13OTP-8554 Certificate extensionsIngela Anderton Andin
2010-04-13OTP-8553 Extended key usageIngela Anderton Andin
2010-04-13Use binaries instead of non-supported lists as argument to ↵Dan Gudmundsson
crypto:des_cbc_decrypt
2010-04-01Update version numberIngela Anderton Andin
2010-03-25OTP-7046 Support for Diffie-Hellman keyexchangeIngela Anderton Andin
2010-02-17public_key: Prepare releaseDan Gudmundsson
2010-01-21Merge branch 'bg/public_key-include_lib' into ccase/r13b04_devErlang/OTP
* bg/public_key-include_lib: public_key: fix build of test suites on Windows
2010-01-21** Empty commit message **Lars G Thorsen
2010-01-19public_key: fix build of test suites on WindowsBjörn Gustavsson
On Windows, the ERL_TOP environment variable contains a path that only is valid for cygwin-enabled programs, such as 'make'. It is not meaningful to pass the value of $ERL_TOP in the -I option to the Erlang compiler, because the Erlang emualator does not interpret cygwin paths correctly. Therefore, -include("test_server.hrl") will fail to find test_server.hrl. Work around the problem by using -include_lib().
2010-01-19Merge branch 'dgud/ssl-patches-from-Wil' into ccase/r13b04_devErlang/OTP
* dgud/ssl-patches-from-Wil: Added a public_key:pkix_transform/2 instead and used it from ssl. Minor code cleanup new_ssl fix session reuse Code cleanup Send CA list during Certificate Request in new_ssl OTP-8372 Fixed session reuse (in new_ssl), thanks Wil Tan. Send CA list during Certificate Request (in new_ssl) , thanks Wil Tan.
2010-01-13Added a public_key:pkix_transform/2 instead and used it from ssl.Dan Gudmundsson
2010-01-12Send CA list during Certificate Request in new_sslWil Tan
When requesting for client certificate, an SSL/TLS server may send a list of the distinguished names of acceptable certificate authorities. OpenSSL does this by default.