Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Lose duplicated cert in ocsp response | Jeremy Harris | 2022-11-22 | 1 | -30/+30 |
| | |||||
* | Testsuite: regenerate OCSP proofs with proof-signer certs | Jeremy Harris | 2022-11-22 | 1 | -30/+30 |
| | |||||
* | Testsuite: regenerate certificates tree | Jeremy Harris | 2022-11-03 | 1 | -33/+31 |
| | | | | The OCSP proofs had become out-of-date | ||||
* | Testsuite: regen certificates suite with fixed Authority Identifier | Jeremy Harris | 2021-06-04 | 1 | -32/+34 |
| | |||||
* | Testsuite: regenerate CA trees with 2048-bit keys | Jeremy Harris | 2018-11-27 | 1 | -26/+37 |
| | | | | This is to support RHEL 8.0 where OpenSSL dislikes 1024 | ||||
* | Testsuite: move CRL testcases away from using SHA1-signed certs | Jeremy Harris | 2017-12-18 | 1 | -17/+17 |
| | |||||
* | Testsuite: regenerate certs tree | Jeremy Harris | 2017-12-16 | 1 | -17/+17 |
| | |||||
* | Testsuite: testcase for Bug 2198 | Jeremy Harris | 2017-12-16 | 1 | -20/+20 |
| | |||||
* | Testsuite: regen certs trees, now with OCSP response for one EC cert | Jeremy Harris | 2017-12-03 | 1 | -17/+17 |
| | |||||
* | TLS: support multiple certificate files in server. Bug 2092 | Jeremy Harris | 2017-11-07 | 1 | -28/+28 |
| | |||||
* | Testsuite: use certs expring before end of 2037, to avoid GnuTLS top-limit ↵ | Jeremy Harris | 2017-01-31 | 1 | -19/+19 |
| | | | | clamp on small-size_t platforms | ||||
* | Testsuite: regen certs, now with additional LetsEncrypt-style OCSP proofs | Jeremy Harris | 2016-11-02 | 1 | -20/+20 |
| | |||||
* | DANE: do not override a cert verify failure, in callback. Also fix some ↵ | Jeremy Harris | 2015-12-17 | 1 | -22/+22 |
| | | | | test mistakes | ||||
* | Support OCSP Stapling under GnuTLS. Bug 1459 | Jeremy Harris | 2014-04-24 | 1 | -19/+19 |
| | | | | | Requires GnuTLS version 3.1.3 or later. Under EXPERIMENTAL_OCSP | ||||
* | Increase test CA key sizes from 512 to 1024 to handle TLS1.2 digest sizes. | Jeremy Harris | 2013-12-15 | 1 | -18/+24 |
| | |||||
* | OCSP-stapling enhancement and testing. | Jeremy Harris | 2013-03-25 | 1 | -0/+29 |
Server: Honor environment variable as well as running_in_test_harness in permitting bogus staplings Update server tests Add "-ocsp" option to client-ssl. Server side: add verification of stapled status. First cut server-mode ocsp testing. Fix some uninitialized ocsp-related data. Client (new): Verify stapling using only the chain that verified the server cert, not any acceptable chain. Add check for multiple responses in a stapling, which is not handled Refuse verification on expired and revoking staplings. Handle OCSP client refusal on lack of stapling from server. More fixing in client OCSP: use the server cert signing chain to verify the OCSP info. Add transport hosts_require_ocsp option. Log stapling responses. Start on tests for client-side. Testing support: Add CRL generation code and documentation update Initial CA & certificate set for testing. BUGFIX: Once a single OCSP response has been extracted the validation routine return code is no longer about the structure, but the actual returned OCSP status. |