summaryrefslogtreecommitdiffstats
path: root/etc/inc/certs.inc
Commit message (Collapse)AuthorAgeFilesLines
* When creating an internal certificate, offer the user a choice of what ↵jim-p2011-11-091-2/+15
| | | | constraints to place upon the certificate (CA, Server, or User).
* Specify full path to openssl.cnf, and select the relevant section to use ↵jim-p2011-10-271-0/+6
| | | | when generating certificates.
* Add function to return a certificate's common name.jim-p2011-07-061-0/+21
|
* Import error handling to avoid errors.Ermal2011-06-241-4/+5
|
* Internal cert and CSR creation error handling added.Evgeny Yurchenko2011-06-231-4/+12
|
* Internal CA creation error handling added.Evgeny Yurchenko2011-06-231-2/+6
|
* Intermediate CAs and openssl_xxx() error checking in CA management.Evgeny Yurchenko2011-06-231-0/+42
|
* Merge branch 'master' into yakatz-sslBill Marquette2011-05-141-5/+13
|\
| * Test for array/size before foreachjim-p2011-05-111-2/+4
| |
| * Various CRL fixes, handle empty internal CRLs better.jim-p2011-05-111-5/+8
| |
| * If we have deleted the last cert from the CRL, blank out the text.jim-p2011-05-051-1/+4
| |
* | checking moduli of ssl csr request and responseyakatz2011-04-211-0/+19
|/
* Allow editing of CAs, so that imported CAs can have their private keys added ↵jim-p2011-03-301-2/+4
| | | | later (mainly affected users upgrading from 1.2.3 and wanting to use the cert manager). Also, allow editing the CA's serial, since this shouldn't really be 0 for imported CAs, but the serial of the last cert that was made from this CA.
* Don't consider a cert as in use by the GUI if it's in HTTP mode. Fixes #1171jim-p2011-02-221-1/+2
|
* Do not use references here when building a ca_chain_array. Really fixes ↵jim-p2011-02-011-2/+2
| | | | #1231 - CAs are no longer lost when a config write happens at bootup.
* Ticket #621. Sort even csr subject to have the matching go ok during import ↵Ermal2011-01-121-0/+1
| | | | of externally signed cers.
* Ticket #621. sort the contents of array used for generating subject by keys ↵Ermal2011-01-071-3/+5
| | | | so whenever we do subject comparison we will not have problem just because of the array keys ordering.
* Fix this code a bit, my first attempt yesterday didn't work properly (this ↵jim-p2010-12-031-4/+8
| | | | should).
* Try to handle when cert subject entries are arrays.jim-p2010-12-021-3/+4
|
* Remove trailing carriage returnScott Ullrich2010-11-101-1/+1
|
* Add ability to select reason codes for revocation. Reformat CRL edit screen ↵jim-p2010-10-211-2/+1
| | | | a bit. Ticket #555
* Add more CRL functionality. Needs to wait on a new build for further testing.jim-p2010-10-201-1/+1
|
* Rename 'name' to 'descr' for CA, Certificates, and CRLs, to gain CDATA ↵jim-p2010-10-191-5/+5
| | | | protection and standardize field names. Ticket #320.
* Pass args to openssl_pkey_new() so it gets the key length too. Fixes #905jim-p2010-09-231-3/+3
|
* Properly check if this is in use.jim-p2010-09-211-1/+1
|
* Some fixes/enhancements/cleanupjim-p2010-09-211-7/+37
|
* Prevent a foreach on what might not be an array. Fixes #900jim-p2010-09-161-0/+4
|
* Fix this function's logic/variable tests.jim-p2010-09-161-3/+3
|
* Add some safety belt checks so we don't try to update an imported crljim-p2010-09-161-0/+9
|
* Add some CRL support functions, not active or used in the GUI yet.jim-p2010-09-161-2/+119
|
* Remove two unused functions (now useless) and add a few more utility functions.jim-p2010-09-021-12/+48
|
* CA/CERT Movejim-p2010-09-011-11/+11
|
* Add some user cert lookup functions.jim-p2010-07-071-0/+26
|
* Allow importing of a CA's private key (optionally).jim-p2010-07-071-1/+3
|
* Perform more strict validation on CA and Cert names before proceeding in the ↵jim-p2010-04-121-0/+6
| | | | wizard.
* Remove uneeded line because openssl module will be already loaded.Ermal2010-03-151-2/+0
|
* Ticket #161. Fix creation of certificates and the webgui one. This was a ↵Ermal2010-03-151-2/+2
| | | | problem on php API docs.
* Ticket #395. Add the path to the openssl.cnf to avoid errors. ↵Ermal Luçi2010-03-081-0/+2
| | | | /etc/ssl/openssl.cnf needs to be tuned more to suit pfSense.
* Convert to int so the keylength is respected during sign.Ermal Luçi2010-03-011-1/+1
|
* Ticket #161. Seems this does the trick for firefox.Ermal Luçi2010-02-101-3/+3
|
* Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additionsScott Ullrich2009-09-121-1/+2
|
* Resolve mergeScott Ullrich2009-08-241-226/+0
|
* Merge branch 'master' of git://rcs.pfsense.org/pfsense/nigel-ca-chain into ↵Scott Ullrich2009-08-241-0/+331
|\ | | | | | | | | | | | | | | review/master Conflicts: etc/inc/certs.inc etc/inc/upgrade_config.inc
| * Found another bug in ca_chain_array.Nigel Graham2009-05-261-1/+1
| |
| * Fixed a problem in ca_chain that caused a segmentation fault.Nigel Graham2009-05-261-9/+9
| |
| * Added support for certificate chains to manager so that lighty can deliver ↵Nigel Graham2009-05-241-0/+103
| | | | | | | | them via SSL.
* | * Move functions that output html to guiconfig.incErmal Luci2009-06-181-226/+224
|/ | | | | | | | | * Remove some recursive dependency on some includes * Remove ^M or \r from files * Remove some entries from functions.inc to avoid including them twice * Remove some unneccessary includes from some files NOTE: There is some more work to be done for pkg-utils.inc to be removed from backend as a dependency.
* Add validation for the ca configuration array presence. Minor style fixes.Matthew Grooms2008-09-091-9/+8
|
* Add validationSeth Mos2008-09-091-4/+7
|
* Implement a certificate authority and certificate webui that can be usedMatthew Grooms2008-08-091-0/+224
to centrally manage this data. There are no consumers at this time. This interface allow for the following ... Certificate Authority Manager: - List certificates authorities - Import existing certificate authority - Create internal certificate authority Certificate Manager: - List certificates - Import existing certificate - Create internal certificate using an internal CA - Generate certificate signing request for external CAs - Process certificate signing response from external CAs Certificate revocation is not currently implemented. The user system will also be extended to allow for user specific certificate management in a follow-up commit.
OpenPOWER on IntegriCloud