aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key
AgeCommit message (Collapse)Author
2015-09-21Prepare releaseErlang/OTP
2015-09-16public_key: Document enhancementsIngela Anderton Andin
OTP-12986
2015-09-11Fix public_key docYuki Ito
2015-06-28Updated documentation to match implementationRed
Line number references are with respect to sources in public_key.erl Changes: - pkix_sign replaced public with private (L510) (Certificates are signed by private keys) - pki_asn1_type() added 'CertificateList' (L73) - pkix_sign_types added ecdsa (L404) - pkix_verify added ec_public_key() (L530) - pkix_is_issuer added 'CertificateList' (L569)
2015-06-23Prepare releaseErlang/OTP
2015-06-18Change license text to APLv2Bruce Yinhe
2015-05-13Revert "Prepare release"Henrik Nord
This reverts commit e09dd66dc4d89c62ddfd8c19791f9678d5d787c6.
2015-05-12Prepare releaseErlang/OTP
2015-05-11public_key: Align "=" sign in type declarations to decided policyIngela Anderton Andin
2015-05-11public_key, ssl: Align public_key and ssl docIngela Anderton Andin
Make sure that links from ssl to public_key work. OTP-12670 - Ignoring 1.2 extension in 1.0 or TLS-1.1 solved by 5edda23ee854038c9d4bcddd0d676ee0ffd20da5 is mentioned here to make the release scripts happy, as the branch solving this accidently had a name ending 1267 instead of 12670
2015-05-07public_key: Add clarificationsIngela Anderton Andin
2015-05-07public_key: Align types with removal of legacy ASN.1 flagsIngela Anderton Andin
2015-05-07public_key: Align to alphabetical orderIngela Anderton Andin
2015-05-07public_key: Correct application names and typosIngela Anderton Andin
2015-05-07public_key: Change structure to what editor intendedIngela Anderton Andin
2015-05-07Editorial changestmanevik
2015-04-20public_key: Update vsn for OTP 18Ingela Anderton Andin
2015-04-20public_key: Reject bad signatures as early as possibleIngela Anderton Andin
Erlang bitstring type only uses as many bits as required, and does not use padding to create complete bytes as ASN1 compact_bitstring did. crypto:verify/5 will now fail, for some incorrect signatures as it expects complete bytes which an incorrect signature may not have. Instead of catching the failing crypto function and then returning false we check the input and reject it right away.
2015-04-20public_key: Remove legacy switch compact_bit_stringIngela Anderton Andin
* E.I bitstrings will not be decode as {Unused, Binary}, they are now Erlang bitstrings. * Also the compact_bit_string implies the legacy_erlang_types switch - So removing the switch will also make OCTET STRING values be represented as binaries. - Undecoded open type will now be wrapped in a asn1_OPENTYPE tuple. We need to handle this in pubkey_pbe.erl, maybe this can be eliminated later by updating/refreshing ASN1-specs. This will change some values in records returned by the public_key API making this change a potentiall incompatibility.
2015-04-01Merge tag 'OTP-17.5'Henrik Nord
=== OTP-17.5 === Changed Applications: - asn1-3.0.4 - common_test-1.10 - compiler-5.0.4 - crypto-3.5 - debugger-4.0.3 - dialyzer-2.7.4 - diameter-1.9 - eldap-1.1.1 - erts-6.4 - hipe-3.11.3 - inets-5.10.6 - kernel-3.2 - mnesia-4.12.5 - observer-2.0.4 - os_mon-2.3.1 - public_key-0.23 - runtime_tools-1.8.16 - ssh-3.2 - ssl-6.0 - stdlib-2.4 - syntax_tools-1.6.18 - test_server-3.8 - tools-2.7.2 - wx-1.3.3 Unchanged Applications: - cosEvent-2.1.15 - cosEventDomain-1.1.14 - cosFileTransfer-1.1.16 - cosNotification-1.1.21 - cosProperty-1.1.17 - cosTime-1.1.14 - cosTransactions-1.2.14 - edoc-0.7.16 - erl_docgen-0.3.7 - erl_interface-3.7.20 - et-1.5 - eunit-2.2.9 - gs-1.5.16 - ic-4.3.6 - jinterface-1.5.12 - megaco-3.17.3 - odbc-2.10.22 - orber-3.7.1 - ose-1.0.2 - otp_mibs-1.0.10 - parsetools-2.0.12 - percept-0.8.10 - reltool-0.6.6 - sasl-2.4.1 - snmp-5.1.1 - typer-0.9.8 - webtool-0.8.10 - xmerl-1.3.7 Conflicts: OTP_VERSION erts/vsn.mk lib/ssl/vsn.mk
2015-03-31Prepare releaseErlang/OTP
2015-03-16Merge branch 'maint'Ingela Anderton Andin
2015-03-13public_key: dialyzer fixesIngela Anderton Andin
2015-03-09Merge branch 'maint'Zandra Hird
2015-03-09Merge branch 'mururu/fix-type' into maintZandra Hird
* mururu/fix-type: Fix typos in the public_key doc OTP-12549
2015-03-09Merge branch 'maint'Ingela Anderton Andin
2015-03-09public_key: Improve CRL handling supportIngela Anderton Andin
2015-02-24Fix typos in the public_key docYuki Ito
2014-12-15Start using os:getenv/2 funPeter Lemenkov
See #535 Signed-off-by: Peter Lemenkov <[email protected]>
2014-09-15Update release notesErlang/OTP
2014-09-15Update version numbersErlang/OTP
2014-09-11public_key: Fix link errors in documentationIngela Anderton Andin
2014-09-09ssl, public_key: Add new option partial_chainIngela Anderton Andin
Check that the certificate chain ends with a trusted ROOT CA e.i. a self-signed certificate, but provide an option partial_chain to enable the application to define an intermediat CA as trusted. TLS RFC says: "unknown_ca A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal." and also states: "certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case." X509 RFC says: "The selection of a trust anchor is a matter of policy: it could be the top CA in a hierarchical PKI, the CA that issued the verifier's own certificate(s), or any other CA in a network PKI. The path validation procedure is the same regardless of the choice of trust anchor. In addition, different applications may rely on different trust anchors, or may accept paths that begin with any of a set of trust anchors."
2014-09-05public_key: Correct documentation of ASN-1 type utf8StringIngela Anderton Andin
2014-08-27public_key: Fix spec and documentation for pkix_crls_validateIngela Anderton Andin
2014-08-27public_key: Fix spec and documentation for PBESIngela Anderton Andin
2014-08-25public_key: Add encodeing functionality for PBES1 and PBES2Ingela Anderton Andin
2014-08-22public_key: Add PBES1 decoding supportIngela Anderton Andin
2014-08-14public_key: Updated User Guide with ECC recordsIngela Anderton Andin
2014-08-08public_key: Correct ASN1-type EcpkParameters in PEM handlingIngela Anderton Andin
2014-08-08public_key: Correct ASN-1 specIngela Anderton Andin
2014-04-07Update release notesErlang/OTP
2014-04-03public_key: Fix typoIngela Anderton Andin
2014-04-02public_key: Document issuer_fun option to pkix_crls_validate/3Ingela Anderton Andin
2014-04-01public_key: Update outdated linksIngela Anderton Andin
2014-03-26ssl, pubkey: Code and test adjustmentsHans Nilsson
2014-03-26Rework IDP validation according to the RFC, fix public_key testsAndrew Thompson
2014-03-26Various improvements to CRL handlingAndrew Thompson
* Handle v1 CRLs, with no extensions. * Compare the IDP on a CRL correctly, if present * Don't try to double-decode altnames Tests are also included, and the make_certs testing tool in the SSL application has been greatly extended.
2014-03-25pubkey: Fixed unicode conversionHans Nilsson
2014-03-20Introduce runtime_dependencies in .app filesRickard Green
Most dependencies introduced are exactly the dependencies to other applications found by xref. That is, there might be real dependencies missing. There might also be pure debug dependencies listed that probably should be removed. Each application has to be manually inspected in order to ensure that all real dependencies are listed. All dependencies introduced are to application versions used in OTP 17.0. This since the previously used version scheme wasn't designed for this, and in order to minimize the work of introducing the dependencies.