sssd.git/src/util/cert, branch sssctl Unnamed repository; edit this file 'description' to name the repository. libsss_certmap: Accept certificate with data before header 2017-04-03T08:43:07+00:00 David Kupka dkupka@redhat.com 2017-03-31T19:31:23+00:00 5231ba679402eeb0705a3ecd41f97fdd67d42a69 According to RFC 7468 parser must not fail when some data are present before the encapsulation boundary. sss_cert_pem_to_der didn't respect this and refused valid input. Changing it's code to first locate the certificate header fixes the issue. Resolves: https://pagure.io/SSSD/sssd/issue/3354 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
According to RFC 7468 parser must not fail when some data are present
before the encapsulation boundary. sss_cert_pem_to_der didn't respect
this and refused valid input. Changing it's code to first locate
the certificate header fixes the issue.

Resolves:
https://pagure.io/SSSD/sssd/issue/3354

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
sss_cert_derb64_to_ldap_filter: add sss_certmap support 2017-03-23T16:19:14+00:00 Sumit Bose sbose@redhat.com 2017-02-02T15:34:32+00:00 b341ee51cffd98b642b9c68a417f8a7504e303a1 Use certificate mapping library if available to lookup a user by certificate in LDAP. Related to https://pagure.io/SSSD/sssd/issue/3050 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Use certificate mapping library if available to lookup a user by
certificate in LDAP.

Related to https://pagure.io/SSSD/sssd/issue/3050

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
UTIL: Fix implicit declaration of function 'htobe32' 2016-11-25T09:31:33+00:00 Lukas Slebodnik lukas.slebodnik@intrak.sk 2016-11-18T16:29:44+00:00 58aa8d645fa95641431a2828e985f80c7fc36465 Include internal wrapper header file for endian related functions. The "util/sss_endian.h" include available header file on different platform or it provides compatible macros in the worst case. Breakage noticed when building SSSD on FreeBSD CC src/util/cert/nss/libsss_cert_la-cert.lo src/util/cert/nss/cert.c: In function 'cert_to_ssh_key': src/util/cert/nss/cert.c:358: error: implicit declaration of function 'htobe32' gmake[2]: *** [Makefile:12421: src/util/cert/nss/libsss_cert_la-cert.lo] Error 1 gmake[2]: Leaving directory '/root/sssd_from_git' gmake[1]: *** [Makefile:20050: all-recursive] Error 1 gmake[1]: Leaving directory '/root/sssd_from_git' gmake: *** [Makefile:7116: all] Error 2 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Include internal wrapper header file for endian related functions.
The "util/sss_endian.h" include available header file on different
platform or it provides compatible macros in the worst case.

Breakage noticed when building SSSD on FreeBSD

  CC       src/util/cert/nss/libsss_cert_la-cert.lo
src/util/cert/nss/cert.c: In function 'cert_to_ssh_key':
src/util/cert/nss/cert.c:358: error: implicit declaration of function 'htobe32'
gmake[2]: *** [Makefile:12421: src/util/cert/nss/libsss_cert_la-cert.lo] Error 1
gmake[2]: Leaving directory '/root/sssd_from_git'
gmake[1]: *** [Makefile:20050: all-recursive] Error 1
gmake[1]: Leaving directory '/root/sssd_from_git'
gmake: *** [Makefile:7116: all] Error 2

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
crypto: Port libcrypto code to openssl-1.1 2016-10-20T12:51:42+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-10-17T13:44:20+00:00 8f1316a0c677f211eaaa1346e21a03446b8c4fb1 EVP_MD_CTX and EVP_CIPHER_CTX are opaque in openssl-1.1 Reviewed-by: Tomas Mraz <tmraz@redhat.com> 
EVP_MD_CTX and EVP_CIPHER_CTX are opaque in openssl-1.1

Reviewed-by: Tomas Mraz <tmraz@redhat.com>
cert_to_ssh_key: properly add leading 0 to bignums 2016-07-07T16:13:32+00:00 Sumit Bose sbose@redhat.com 2016-06-15T19:49:02+00:00 8b2bd0587af6ed6bbd7eab7a332ec88de6b7c36c In the ssh keys a leading 0 is added to the bignums of the RSA modulus and exponent if the leading bit is set to avoid the interpretation as a negative number. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
In the ssh keys a leading 0 is added to the bignums of the RSA modulus
and exponent if the leading bit is set to avoid the interpretation as a
negative number.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
p11: add OCSP default responder options 2016-06-09T09:58:17+00:00 Sumit Bose sbose@redhat.com 2016-04-12T16:14:08+00:00 53ef8f81b60929a6c866efdd133627e7d7d61705 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
p11: add no_verification option 2016-06-09T09:58:12+00:00 Sumit Bose sbose@redhat.com 2016-03-24T19:42:12+00:00 aa35995ef056aa8ae052a47c62c6750b7adf065e Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
p11: enable ocsp checks 2015-11-26T15:39:49+00:00 Sumit Bose sbose@redhat.com 2015-11-05T17:20:27+00:00 544a20de7667f05c1a406c4dea0706b0ab507430 This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option. Resolves https://fedorahosted.org/sssd/ticket/2812 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification more easy it is not an option on its own but an
option to the new certificate_verification configuration option.

Resolves https://fedorahosted.org/sssd/ticket/2812

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ssh: generate public keys from certificate 2015-07-31T07:52:06+00:00 Sumit Bose sbose@redhat.com 2015-07-15T07:40:00+00:00 4de84af23db74e13e867985c9093f394c9fa8d51 Resolves: https://fedorahosted.org/sssd/ticket/2711 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves: https://fedorahosted.org/sssd/ticket/2711

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
utils: add NSS version of cert utils 2015-07-31T07:51:35+00:00 Sumit Bose sbose@redhat.com 2015-06-22T14:36:36+00:00 0d5bb38364a6976e9c85d6349aa13a04d181a090 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>