Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Support R18 wrt detoxing precerts. | Linus Nordberg | 2016-08-19 | 1 | -3/+2 |
| | | | | Fixes CATLFISH-80. | ||||
* | Use erlang:timestamp/0 instead of deprecated now/0. | Linus Nordberg | 2016-08-18 | 1 | -1/+1 |
| | |||||
* | Rename module compat -> catlfish_compat. | Linus Nordberg | 2016-08-18 | 1 | -2/+2 |
| | | | | Can't have two modules with the same name in a release. | ||||
* | Add compatibility layer for digging around in non-public data structures. | Linus Nordberg | 2016-08-18 | 1 | -5/+2 |
| | |||||
* | Always store and return root certificate (closes CATLFISH-55). | Linus Nordberg | 2015-08-03 | 1 | -8/+7 |
| | |||||
* | Dialyzer clean. | Linus Nordberg | 2015-05-06 | 1 | -3/+3 |
| | |||||
* | Remove an extra annoying debug log printout. | Linus Nordberg | 2015-04-10 | 1 | -3/+0 |
| | |||||
* | Fix copyright strings. | Linus Nordberg | 2015-04-09 | 1 | -1/+1 |
| | |||||
* | Store rejected certificates. | Linus Nordberg | 2015-03-25 | 1 | -52/+94 |
| | | | | | | | Not storing the full chain, which would be even more useful. No rate limiting, which would be good. Also, reorganise some in x509.erl and add tests. | ||||
* | Clarify that 0.test.pem is not a valid #'OTPCertificate'{}. | Linus Nordberg | 2015-03-24 | 1 | -14/+14 |
| | | | | Also some cosmetic changes. | ||||
* | Add spec's for most functions. | Linus Nordberg | 2015-03-23 | 1 | -1/+8 |
| | | | | NOTE: We're not dialyzer clean yet. | ||||
* | Formatting; remove debug printouts. | Linus Nordberg | 2015-03-23 | 1 | -33/+17 |
| | |||||
* | Add precert handling. | Linus Nordberg | 2015-03-23 | 1 | -69/+186 |
| | |||||
* | Fix a bug where verification of EC signatures made us crash. | Linus Nordberg | 2015-02-27 | 1 | -33/+40 |
| | | | | | Also, have valid_chain_p return boolean, add some debug logging and detect invalid signature types instead of crashing. | ||||
* | Verify that known roots are indeed signing themselves. | Linus Nordberg | 2015-02-27 | 1 | -18/+40 |
| | | | | | | | This filters out certificates with signing algorithms that we can't handle. Also, make unit tests better. | ||||
* | Even more debug logging. | Linus Nordberg | 2015-02-25 | 1 | -0/+3 |
| | |||||
* | Add debug logging. | Linus Nordberg | 2015-02-25 | 1 | -0/+5 |
| | | | | Trying to figure out why public_key:verify isn't found in docker images. | ||||
* | Stop validating that cert.issuer matches issuer.subject. | Linus Nordberg | 2015-02-20 | 1 | -46/+27 |
| | | | | | | | | | | Even canoncalized versions of this data mismatch in otherwise proper chains. Since we're not here to validate chains for any other reasons than attribution and spam control, let's stop validate cert.issuer==candidate.subject. We still verify the cryptographic chain with signatures of tbsCertificates of course. Resolves CATLFISH-19. | ||||
* | Make unit tests work again. | Linus Nordberg | 2015-02-19 | 1 | -6/+9 |
| | | | | Makefile target 'check' runs them. | ||||
* | Verify certificates by decoding them as 'plain' certs rather than 'otp. | Linus Nordberg | 2014-11-18 | 1 | -18/+194 |
| | | | | | | | OTP cert validation is too strict. Let's see if this is forgiving enough for our needs. Also, move all cert reading from disk to x509.erl. | ||||
* | Log some info about certs that don't parse and why. | Linus Nordberg | 2014-11-05 | 1 | -3/+21 |
| | | | | Also move x509 specific code to the x509 module. | ||||
* | Catch badly ASN.1-encoded certificates. | Linus Nordberg | 2014-10-24 | 1 | -13/+26 |
| | | | | | | Now not crashing badly encoded certs in the list of known roots, which is good. They're simply ignored. Next step is to figure out if we should accept some anomalies, due to reality. | ||||
* | Log (info) when adding and rejecting a certificate chain. | Linus Nordberg | 2014-10-23 | 1 | -1/+5 |
| | | | | Writing to stdout for now, until we've decided on logging framework. | ||||
* | Split CertChain properly. | Linus Nordberg | 2014-10-23 | 1 | -1/+1 |
| | | | | This way, Chain is always a list. | ||||
* | Don't use der_encoded(). | Linus Nordberg | 2014-10-23 | 1 | -6/+5 |
| | | | | | The type definition seem to have disappeared from public_key.hrl in R17 and I don't know how to conditionally define a type. | ||||
* | Implement cert chain validation. | Linus Nordberg | 2014-10-22 | 1 | -0/+137 |
NOTE: Presence of and constraints on names are not being validated. |