summaryrefslogtreecommitdiffstats
path: root/src/util/cert/nss
Commit message (Collapse)AuthorAgeFilesLines
* libsss_certmap: Accept certificate with data before headerDavid Kupka2017-04-031-4/+5
| | | | | | | | | | | | | According to RFC 7468 parser must not fail when some data are present before the encapsulation boundary. sss_cert_pem_to_der didn't respect this and refused valid input. Changing it's code to first locate the certificate header fixes the issue. Resolves: https://pagure.io/SSSD/sssd/issue/3354 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
* UTIL: Fix implicit declaration of function 'htobe32'Lukas Slebodnik2016-11-251-0/+1
| | | | | | | | | | | | | | | | | | | Include internal wrapper header file for endian related functions. The "util/sss_endian.h" include available header file on different platform or it provides compatible macros in the worst case. Breakage noticed when building SSSD on FreeBSD CC src/util/cert/nss/libsss_cert_la-cert.lo src/util/cert/nss/cert.c: In function 'cert_to_ssh_key': src/util/cert/nss/cert.c:358: error: implicit declaration of function 'htobe32' gmake[2]: *** [Makefile:12421: src/util/cert/nss/libsss_cert_la-cert.lo] Error 1 gmake[2]: Leaving directory '/root/sssd_from_git' gmake[1]: *** [Makefile:20050: all-recursive] Error 1 gmake[1]: Leaving directory '/root/sssd_from_git' gmake: *** [Makefile:7116: all] Error 2 Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
* cert_to_ssh_key: properly add leading 0 to bignumsSumit Bose2016-07-071-8/+24
| | | | | | | | In the ssh keys a leading 0 is added to the bignums of the RSA modulus and exponent if the leading bit is set to avoid the interpretation as a negative number. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* p11: add OCSP default responder optionsSumit Bose2016-06-091-3/+40
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* p11: add no_verification optionSumit Bose2016-06-091-9/+11
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* p11: enable ocsp checksSumit Bose2015-11-261-1/+14
| | | | | | | | | | | This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option. Resolves https://fedorahosted.org/sssd/ticket/2812 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* ssh: generate public keys from certificateSumit Bose2015-07-311-0/+130
| | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2711 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* utils: add NSS version of cert utilsSumit Bose2015-07-311-0/+212
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
generated by cgit (git 2.34.1) at 2026-01-06 21:27:08 +0000