path: root/ipalib/x509.py
Commit message | Author | Age | Files | Lines
* Verify that the external CA certificate files are correct. | Jan Cholasta | 2011-08-23 | 1 | -1/+19
    ticket 1572
* Fix invalid issuer in unit tests | Martin Kosek | 2011-07-27 | 1 | -2/+5
    Fix several test failures when issuer does not match the one generated by make-testcert (CN=Certificate Authority,O=<realm>).
    https://fedorahosted.org/freeipa/ticket/1527
* Use information from the certificate subject when setting the NSS nickname. | Rob Crittenden | 2011-07-17 | 1 | -8/+26
    There were a few places in the code where certs were loaded from a PKCS#7 file or a chain in a PEM file. The certificates got very generic nicknames. We can instead pull the subject from the certificate and use that as the nickname.
    https://fedorahosted.org/freeipa/ticket/1141
* Make data type of certificates more obvious/predictable internally. | Rob Crittenden | 2011-06-21 | 1 | -6/+110
    For the most part certificates will be treated as being in DER format. When we load a certificate we will generally accept it in any format but will convert it to DER before proceeding in normalize_certificate().
    This also re-arranges a bit of code to pull some certificate-specific functions out of ipalib/plugins/service.py into ipalib/x509.py.
    This also tries to use variable names to indicate what format the certificate is in at any given point:
    dercert: DER
    cert: PEM
    nsscert: a python-nss Certificate object
    rawcert: unknown format
    ticket 32
* Change FreeIPA license to GPLv3+ | Jakub Hrozek | 2010-12-20 | 1 | -5/+5
    The changes include:
    * Change license blobs in source files to mention GPLv3+ not GPLv2 only
    * Add GPLv3+ license text
    * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think
    https://fedorahosted.org/freeipa/ticket/239
* Use newer API in ipalib/x509 and add missing import. | Rob Crittenden | 2010-07-15 | 1 | -0/+1
    The import was only used when running the in-tree lite-server
* Clean up crypto code, take advantage of new nss-python capabilities | Rob Crittenden | 2010-07-15 | 1 | -236/+52
    This patch does the following:
    - drops our in-tree x509v3 parser to use the python-nss one
    - return more information on certificates
    - make an API change, renaming cert-get to cert-show
    - Drop a lot of duplicated code
* Correct some comment errors | Rob Crittenden | 2010-01-19 | 1 | -2/+1
* rebase dogtag clean-up patch | John Dennis | 2009-12-09 | 1 | -4/+3
* Add type argument to x509.load_certificate() so it can handle binary certs | Rob Crittenden | 2009-12-01 | 1 | -9/+12
* Use pyasn1-based PKCS#10 and X509v3 parsers instead of pyOpenSSL. | Rob Crittenden | 2009-11-30 | 1 | -0/+272
    The pyOpenSSL PKCS#10 parser doesn't support attributes so we can't identify requests with subject alt names.
    Subject alt names are only allowed if:
    - the host for the alt name exists in IPA
    - if binding as host principal, the host is in the services managedBy attr