| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is currently no sane way of getting your hands on the common name or
subject alternative name of the peer certificate from libtls. It is possible
to extract it from the peer cert's PEM by hand, but that way lies madness.
While the common name is close to being deprecated in the webpki, it is
still the de facto standard to identify client certs. It would be nice to
have a way to access the subject alternative names as well, but this is a
lot more difficult to expose in a clean and sane C interface due to its
multivaluedness.
Initial diff from henning, with input from beck, jsing and myself
henning and bluhm have plans of using this in syslogd.
ok beck
|
| |
|
|
|
|
|
|
|
|
| |
rather than return codes. More strictly follow RFC 6125, in particular only
check the CN if there are no SAN identifiers present in the certificate
(per section 6.4.4).
Previous behaviour questioned by Daniel Stenberg <daniel at haxx dot se>.
ok beck@ jca@
|
| |
|
|
|
|
|
| |
as PEM format. This allows for it to be used or examined with tools
external to libtls
bump minor
ok jsing@
|
| |
|
|
| |
ok beck@
|
| |
|
|
|
|
|
| |
certificate
validity times for tls connections.
ok jsing@
|
| |
|
|
|
|
| |
at handshake time. change accessors to return const char * to remove need
for caller to free memory.
ok jsing@
|
| | |
|
| |
|
|
| |
ok jsing@
|
|
|
that was presented by the peer. The hash used is currently SHA256, however
since we prefix the result with the hash name, we can change this in the
future as the need arises.
The same output can be generated by using:
h=$(openssl x509 -outform der -in mycert.crt | sha256)
printf "SHA256:${h}\n"
ok beck@
|
