mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
17,526 Commits 5 Branches 162 Tags
Commit Graph

288 Commits

Author SHA1 Message Date
John Safranek
f1588e0ad9 Fix Cert Includes 
1. Added files that were missing from the certs directory include.am files.
2. Fixed the duplicate items in the certs directory's include.am files.
3. Reorganized the certs directory include.am files to be a tree.
 2018-05-31 17:38:47 -07:00
John Safranek
8a61b7303a Remove execute bit from a few files. 2018-05-31 10:14:47 -07:00
toddouska
999663fae1
Merge pull request #1498 from JacobBarthelmeh/Certs 
update before/after dates with certificates
 2018-05-30 10:09:49 -07:00
Jacob Barthelmeh
1a7d208a60 add crl2.pem to renew certs script 2018-05-29 16:57:30 -06:00
David Garske
a5c2e8b912 Added test for common name with invalid domain fails as expected when set with wolfSSL_check_domain_name. 2018-05-24 14:39:35 -07:00
toddouska
453daee965
Merge pull request #1523 from SparkiDev/ed25519_key 
Allow Ed25519 private-only keys to work in TLS
 2018-05-24 09:56:17 -07:00
Sean Parkinson
9358edf5dd Fixes from code review 
Include new private key files in release.
Set messages field to NULL after free.
 2018-05-24 08:43:28 +10:00
Sean Parkinson
58f523beba Allow Ed25519 private-only keys to work in TLS 
Change Ed25519 in TLS 1.2 to keep a copy of all the messages for
certificate verification - interop with OpenSSL.
 2018-05-24 08:43:28 +10:00
Jacob Barthelmeh
63a0e872c5 add test for fail case when parsing relative URI path 2018-05-14 14:27:02 -06:00
Jacob Barthelmeh
bb979980ca add test case for parsing URI from certificate 2018-05-08 16:24:41 -06:00
David Garske
89a4c98670 * Added support for expected fail test cases with example client/server and suites unit test. 
* Added test for certificate with bad alt name containing a null character mid byte stream.
* Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test.
* Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`.
* Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
 2018-05-03 09:40:51 -07:00
Jacob Barthelmeh
e895bacbba update before/after dates with certificates 2018-04-13 09:31:32 -06:00
Jacob Barthelmeh
607bd96317 add ocsp cert renew and test-pathlen to script 2018-03-14 16:35:16 -06:00
Jacob Barthelmeh
e41f5de556 default generate ed25519 cert with renew and add ecc crls to script 2018-03-09 14:09:34 -07:00
Jacob Barthelmeh
d9738563af add ed25519 certificate generation to renewcerts.sh 2018-03-09 10:43:36 -07:00
Jacob Barthelmeh
f6b5427f2b bad sig certificate renew script 2018-03-09 09:50:52 -07:00
Jacob Barthelmeh
849e1eb10d updating renewcerts script 2018-03-09 00:35:14 -07:00
Jacob Barthelmeh
f223f8fdfd update certificate after dates 2018-03-02 14:31:08 -07:00
John Safranek
7b1f6967c8 added another CA to the wolfssl website ca file 2018-03-01 11:57:12 -08:00
toddouska
9a4fe0fe4e
Merge pull request #1353 from dgarske/asn_strict 
Added RFC 5280 "must" checks
 2018-02-14 10:01:58 -08:00
Jacob Barthelmeh
62b8c0c3fd add test case for order of certificates with PKCS12 parse 2018-02-07 16:52:39 -07:00
David Garske
c2a0de93b8 Fix to resolve wolfCrypt test for `cert_test nameConstraints test. Fixed ASN check to properly determine if certificate is CA type. 2018-02-07 12:48:33 -08:00
David Garske
d7ae1df778 Fix to add keyUsage keyAgreement for the ECC server certificate. Resolves issue with openssl test using "ECDH-ECDSA" cipher suite. 2017-10-20 11:26:15 -07:00
David Garske
024c8725ad Testing improvements for cert gen and TLS cert validation: 
* Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled.
* Added new ECC CA for 384-bit tests.
* Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem)
* Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL.
* Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`.
* Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function.
* Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack).
* Cleanup to combine all certificate subject information into global `certDefaultName`.
* Updated cert request info to use wolfSSL instead of Yassl.
* Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`.
* Re-number error codes in rsa_test.
* Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
 2017-10-19 16:17:51 -07:00
Sean Parkinson
f724206e37 Add test for 3072-bit RSA and DH and fix modexp 2017-10-17 08:36:39 +10:00
Sean Parkinson
90f8f67982 Single Precision maths for RSA (and DH) 
Single Precision ECC implementation
 2017-10-17 08:36:39 +10:00
Chris Conlon
af00787f80 update root certs for ocsp scripts 2017-08-14 12:58:36 -06:00
Chris Conlon
667b8431cc Merge pull request #683 from moisesguimaraes/wolfssl-py 
wolfssl python wrapper
 2017-07-19 09:22:02 -07:00
Moisés Guimarães
54177c14b4 imports certs from ./certs 2017-07-03 12:31:47 -03:00
Jacob Barthelmeh
b0f87fdcf7 update .am files for make dist 2017-06-22 14:14:45 -06:00
Moisés Guimarães
a9d5dcae58 updates ocsp tests; adds check for OCSP response signed by issuer. 2017-06-21 14:12:12 -07:00
Sean Parkinson
13c4fe6cc4 Add test 2017-06-14 09:44:26 +10:00
Sean Parkinson
1db52f0c04 Fix to use different PEM header for EDDSA keys 
Include new cert and key files in distribution
Fix compile issue when only doing TLS13.
 2017-06-08 09:26:49 +10:00
Sean Parkinson
613d30bcae ED25519 TLS support 2017-06-08 09:26:49 +10:00
Sean Parkinson
ff4fcf21d6 Add test for private key only ecc key 2017-05-15 10:04:42 +10:00
Sean Parkinson
4d77e80d04 Fix loading of CRLs and certs. 
Change function wolfSSL_X509_LOOKUP_load_file to load multiple CRLs and
certificates from a file.
Change CRL loading to have a flag to not verify CRL signature - only do
this when using wolfSSL_X509_LOOKUP_load_file() as the certificate is
not always available.
Add test case for loading multiple CRLs in one file without certificate.
 2017-05-15 10:04:42 +10:00
Jacob Barthelmeh
4c8fdf99c5 add digsigku to renewcerts script and update the not after date 2017-05-02 18:08:10 -06:00
kaleb-himes
bddf0c52a6 add 'Class 3 Public Primary Certification Authority' to ocspstapling test certificate 2017-03-27 14:13:22 -06:00
toddouska
d8261796a6 Merge pull request #813 from cconlon/addcert 
add server-keyPkcs8.der to include.am
 2017-03-22 14:58:22 -07:00
toddouska
4e6f70e15e Merge pull request #784 from JacobBarthelmeh/Cert-Report2 
error out with duplicate policy OID in a certificate policies extension
 2017-03-21 15:21:46 -07:00
Chris Conlon
c46eb36b4e add server-keyPkcs8.der to include.am 2017-03-21 09:53:24 -06:00
Jacob Barthelmeh
3f33f2b995 add duplicate policy OID cert to dist 2017-03-16 15:49:40 -06:00
Jacob Barthelmeh
faf2bacd56 error out with duplicate policy OID in a certificate policies extension 2017-03-16 15:48:15 -06:00
Chris Conlon
efc2bb43d2 add wc_GetPkcs8TraditionalOffset() 2017-03-16 15:14:20 -06:00
Sean Parkinson
5c9eedbf69 Fixes from merge of test coverage changes 
Include new certificates in distribution.
Casting changes for clang.
Extra error code - recognize in test.
 2017-03-10 09:15:18 +10:00
Sean Parkinson
455fb96faa Extend testing for coverage 2017-03-01 09:37:18 +10:00
Jacob Barthelmeh
2daeecdb90 BIO s_socket and BN mod exp 2016-12-28 14:45:29 -07:00
Jacob Barthelmeh
ff05c8a7a5 expanding compatibility layer 2016-12-28 14:45:29 -07:00
Chris Conlon
41f6863970 add missing certs and keys to certs/include.am 2016-12-14 09:46:41 -07:00
David Garske
039aedcfba Added "wolfSSL_use_certificate_chain_buffer_format". Added "wolfSSL_SESSION_CIPHER_get_name" to get cipher suite name using WOLFSSL_SESSION*. Moved the "wolfSSL_get_cipher_name_from_suite" function to internal.c. Added new server-cert-chain.der, which is combination of ca-cert.der and server-cert.der. Enhanced load_buffer to detect format using file extension. Can test use of DER cert chain with NO_FILESYSTEM defined using "./examples/server/server -c ./certs/server-cert-chain.der -k ./certs/server-key.der". 2016-11-30 16:26:02 -08:00