path: root/src/util/cert
Commit message | Author | Age | Files | Lines
* libsss_certmap: Accept certificate with data before header | David Kupka | 2017-04-03 | 1 | -4/+5
  According to RFC 7468 parser must not fail when some data are present before the encapsulation boundary. sss_cert_pem_to_der didn't respect this and refused valid input. Changing its code to first locate the certificate header fixes the issue.

  Resolves: https://pagure.io/SSSD/sssd/issue/3354

  Reviewed-by: Sumit Bose <sbose@redhat.com>
  Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
* sss_cert_derb64_to_ldap_filter: add sss_certmap support | Sumit Bose | 2017-03-23 | 1 | -11/+65
  Use certificate mapping library if available to lookup a user by certificate in LDAP.

  Related to https://pagure.io/SSSD/sssd/issue/3050

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* UTIL: Fix implicit declaration of function 'htobe32' | Lukas Slebodnik | 2016-11-25 | 2 | -0/+2
  Include internal wrapper header file for endian related functions. The "util/sss_endian.h" include available header file on different platform or it provides compatible macros in the worst case.

  Breakage noticed when building SSSD on FreeBSD

    CC src/util/cert/nss/libsss_cert_la-cert.lo
    src/util/cert/nss/cert.c: In function 'cert_to_ssh_key':
    src/util/cert/nss/cert.c:358: error: implicit declaration of function 'htobe32'
    gmake[2]: *** [Makefile:12421: src/util/cert/nss/libsss_cert_la-cert.lo] Error 1
    gmake[2]: Leaving directory '/root/sssd_from_git'
    gmake[1]: *** [Makefile:20050: all-recursive] Error 1
    gmake[1]: Leaving directory '/root/sssd_from_git'
    gmake: *** [Makefile:7116: all] Error 2

  Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
* crypto: Port libcrypto code to openssl-1.1 | Lukas Slebodnik | 2016-10-20 | 1 | -4/+19
  EVP_MD_CTX and EVP_CIPHER_CTX are opaque in openssl-1.1

  Reviewed-by: Tomas Mraz <tmraz@redhat.com>
* cert_to_ssh_key: properly add leading 0 to bignums | Sumit Bose | 2016-07-07 | 1 | -8/+24
  In the ssh keys a leading 0 is added to the bignums of the RSA modulus and exponent if the leading bit is set to avoid the interpretation as a negative number.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* p11: add OCSP default responder options | Sumit Bose | 2016-06-09 | 1 | -3/+40
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* p11: add no_verification option | Sumit Bose | 2016-06-09 | 2 | -10/+12
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* p11: enable ocsp checks | Sumit Bose | 2015-11-26 | 2 | -1/+15
  This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option.

  Resolves https://fedorahosted.org/sssd/ticket/2812

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* ssh: generate public keys from certificate | Sumit Bose | 2015-07-31 | 2 | -0/+223
  Resolves: https://fedorahosted.org/sssd/ticket/2711

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* utils: add NSS version of cert utils | Sumit Bose | 2015-07-31 | 1 | -0/+212
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* certs: add PEM/DER conversion utilities | Sumit Bose | 2015-06-19 | 2 | -0/+322
  Related to https://fedorahosted.org/sssd/ticket/2596

  Reviewed-by: Pavel Březina <pbrezina@redhat.com>