summaryrefslogtreecommitdiffstats
path: root/src/etc/inc/certs.inc
Commit message (Collapse)AuthorAgeFilesLines
* Fix CA reference so serial increases properly. Remove variable for feature ↵jim-p2017-07-071-1/+1
| | | | that didn't work out. Ticket #7527
* Restructure how certificate types and SANs are handled in the cert manager ↵jim-p2017-07-061-24/+53
| | | | | | when making a Cert/CSR/Signing, so each section can properly use the controls without duplicating. It is now possible to add SANs and EKUs to certificates when signing using the certificate manager. Fixes #7527 and also Fixes #7677 NOTE: Attributes such as SANs and KU/EKU cannot be copied from a CSR when signing due to a deficiency in OpenSSL's x509 functions (they do not support "copy_extensions" at this time). They must be specified manually.
* Add the ability to set certificate type and SAN attributes in a CSR. Ticket ↵jim-p2017-07-051-2/+24
| | | | | | #7527 TODO: They are not carried over after signing in the GUI
* Fix some additional cases for CN->SAN handling, and move some code to a ↵jim-p2017-07-051-0/+27
| | | | function to avoid duplication for other pending uses. Ticket #7666
* Allow a wider range of characters to be used in certificate fields, as laid ↵jim-p2017-05-111-0/+16
| | | | out by RFC 4514. Fixes #7540
* Show SAN, KU, and EKU info in the certificate list. Implements #7505jim-p2017-05-021-1/+39
| | | | While here, also fix "server" cert detection to key off of the EKU For "TLS Web Server Authentication" since nsCertType has been deprecated.
* Merge pull request #3699 from PiBa-NL/20170417-certificatemanager-ca-crl-inuseRenato Botelho2017-04-201-0/+21
|\
| * certificate manager, show 'in use' also for CA and CRL where certificates ↵PiBa-NL2017-04-171-0/+21
| | | | | | | | are in use by packages.
* | certificate manager, allow importing of ECC certificates, change multiple ↵PiBa-NL2017-04-171-13/+14
| | | | | | | | 'if' to 'switch'
* | certificate manager, allow importing of ECC certificatesPiBa-NL2017-04-161-24/+16
|/
* Remove whirlpool from the list of CA/Cert digest algorithms as it does not ↵jim-p2017-03-081-1/+1
| | | | | | work properly. OpenSSL claims it's not valid ("unknown signature algorithm"). Fixes #7370 While I'm here, stop needlessly repeating the algo list, it's a global in certs.inc, so use that single copy of the list.
* certificatemanager, link certificate to the proper CA after completing the ↵PiBa-NL2017-02-251-4/+2
| | | | CSR request
* Fix certificate generation for CAs without a serial set on import. Fixes #6952jim-p2016-11-291-2/+7
|
* Add some CA in-use test utility functions. Ticket #6947jim-p2016-11-291-0/+59
|
* Put original match backdoktornotor2016-11-171-1/+1
| | | Did not mean to remove SSL substring from the check...
* Fix nsCertType matching for some certificates (Bug #6877)doktornotor2016-11-171-1/+1
| | | See https://redmine.pfsense.org/issues/6877#note-4
* Move copyright from ESF to NetgateRenato Botelho2016-09-061-1/+1
|
* Move to Apache License 2.0Renato Botelho2016-07-151-41/+9
|
* Review license / copyright on all files (1st round)Renato Botelho2016-07-141-50/+51
|
* Merge pull request #2994 from stilez/patch-31Chris Buechler2016-06-301-0/+8
|\
| * Get modulus keysizestilez2016-06-061-0/+8
| | | | | | Useful utility function when it's necessary to verify that existing keys meets current practices
* | Add missing recommended digeststilez2016-05-081-1/+1
|/
* Do not allow certificate to be deleted if it's been used by a package. Fixes ↵Renato Botelho2016-01-151-1/+19
| | | | #4142
* Update license on files from /etc/incRenato Botelho2016-01-151-16/+40
|
* Remove all pfSense_MODULE and pfSense_BUILDER_BINARIES definitions, whatever ↵Renato Botelho2015-12-151-2/+0
| | | | was the reason they were added, it was never finished and it's not being used
* etc inc delete $Id commentsPhil Davis2015-11-101-1/+0
| | | | | | and bits of white space. Note: There are plenty of files still with old-format copyright sections in here.
* Add 'caref' attribute to the ca object passed into ca_inter_create so aMatt Smith2015-10-161-0/+1
| | | | relationship to the signing CA can be maintained. Fixes #5313.
* Move main pfSense content to src/Renato Botelho2015-08-251-0/+867
OpenPOWER on IntegriCloud