Age | Commit message (Collapse) | Author |
|
5268c7b957c30c31e551f197463cdd55a792ea69
|
|
* legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530:
Skip crl_hash_dir_expired test for LibreSSL
Add ssl_crl_hash_dir module
Function for generating OpenSSL-style name hashes
Add public_key:pkix_match_dist_point
Improve formatting for crl_{check,cache} options
Add issuer arg to ssl_crl_cache_api lookup callback
Conflicts:
lib/public_key/test/public_key_SUITE.erl
|
|
* ingela/public_key/doc/OTP-13186:
public_key: Create application manual page that is man(6)
|
|
|
|
|
|
This reverts commit e020f75c10410a6943cd055bfa072a2641eab7da.
|
|
|
|
Followup to https://github.com/erlang/otp/pull/1023
- make/make_emakefile is fixed because otherwise './otp_build tests'
fails early.
- And grep showed that there is only one other file that also should be
fixed - lib/public_key/priv/generate
|
|
|
|
This reverts commit bd64ad8e15d66e48b36dbe3584315dd5cfc8b59a.
|
|
|
|
|
|
public_key use cases are cryptographical so use
crypto:strong_rand_bytes/1 instead.
|
|
* henrik/update-copyrightyear:
update copyright-year
|
|
OpenSSL has functions to generate short (eight hex digits) hashes of
issuers of certificates and CRLs. These hashes are used by the
"c_rehash" script to populate directories of CA certificates and CRLs,
e.g. in the Apache web server. Adding this function lets an Erlang
program find the right CRL for a given certificate in such a
directory.
|
|
|
|
* ia/public_key/EC-public_key/OTP-13408:
public_key: Handle PEM encoded EC public keys
|
|
|
|
|
|
Also add missing test for PEM encoded private EC keys.
|
|
RFC 1421 Privacy Enhancement for Electronic Mail February 1993
Encapsulated Message
Pre-Encapsulation Boundary (Pre-EB)
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Encapsulated Header Portion
(Contains encryption control fields inserted in plaintext.
Examples include "DEK-Info:" and "Key-Info:".
Note that, although these control fields have line-oriented
representations similar to RFC 822 header fields, the set
of fields valid in this context is disjoint from those used
in RFC 822 processing.)
Blank Line
(Separates Encapsulated Header from subsequent
Encapsulated Text Portion)
Encapsulated Text Portion
(Contains message data encoded as specified in Section 4.3.)
Post-Encapsulation Boundary (Post-EB)
-----END PRIVACY-ENHANCED MESSAGE-----
|
|
|
|
|
|
At the bottom of the file PKIX1Explicit88.asn1 there is a commenet
about upper bounds and diffrent types of strings. Adhere to this
so that we can accept all certificates that openSSL does.
For example: httpc:request("https://dl.sciencesocieties.org/").
|
|
|
|
|
|
|
|
Also tool (public_key:gen_moduli_hrl) to convert an openssh moduli file to erlang format.
|
|
|
|
|
|
|
|
Added encode/decode for ecdsa public keys in openssh and rfc4716
format. This is for the ssh public key algorithm ecdsa-sha2-*.
|
|
|
|
OTP-12986
|
|
|
|
Line number references are with respect to sources
in public_key.erl
Changes:
- pkix_sign replaced public with private (L510)
(Certificates are signed by private keys)
- pki_asn1_type() added 'CertificateList' (L73)
- pkix_sign_types added ecdsa (L404)
- pkix_verify added ec_public_key() (L530)
- pkix_is_issuer added 'CertificateList' (L569)
|
|
|
|
|
|
This reverts commit e09dd66dc4d89c62ddfd8c19791f9678d5d787c6.
|
|
|
|
|
|
Make sure that links from ssl to public_key work.
OTP-12670 - Ignoring 1.2 extension in 1.0 or TLS-1.1
solved by 5edda23ee854038c9d4bcddd0d676ee0ffd20da5
is mentioned here to make the release scripts happy,
as the branch solving this accidently had a name ending 1267
instead of 12670
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Erlang bitstring type only uses as many bits as required, and
does not use padding to create complete bytes as ASN1 compact_bitstring
did. crypto:verify/5 will now fail, for some incorrect signatures
as it expects complete bytes which an incorrect signature may not have.
Instead of catching the failing crypto function and then returning
false we check the input and reject it right away.
|