Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Implement setting the TLS features extension on certificates via certtool's template file. | Tim Kosse | 2016-05-30 | 1 | -0/+5 |
* | updated certtool.cfg | Nikos Mavrogiannopoulos | 2014-09-18 | 1 | -9/+27 |
* | updated example certtool.cfg | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -21/+77 |
* | Add new extended key usage ipsecIKE | Micah Anderson | 2010-09-29 | 1 | -0/+3 |
| | | | | According to RFC 4945 § 5.1.3.12 section title "ExtendedKeyUsage"[0] the following extended key usage has been added: ... this document defines an ExtendedKeyUsage keyPurposeID that MAY be used to limit a certificate's use: id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 } where id-kp is defined in RFC 3280 [5]. If a certificate is intended to be used with both IKE and other applications, and one of the other applications requires use of an EKU value, then such certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or anyExtendedKeyUsage [5], as well as the keyPurposeID values associated with the other applications. Similarly, if a CA issues multiple otherwise-similar certificates for multiple applications including IKE, and it is intended that the IKE certificate NOT be used with another application, the IKE certificate MAY contain an EKU extension listing a keyPurposeID of id-kp-ipsecIKE to discourage its use with the other application. Recall, however, that EKU extensions in certificates meant for use in IKE are NOT RECOMMENDED. Conforming IKE implementations are not required to support EKU. If a critical EKU extension appears in a certificate and EKU is not supported by the implementation, then RFC 3280 requires that the certificate be rejected. Implementations that do support EKU MUST support the following logic for certificate validation: o If no EKU extension, continue. o If EKU present AND contains either id-kp-ipsecIKE or anyExtendedKeyUsage, continue. o Otherwise, reject cert. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org> | ||||
* | Update gnulib files, fix syntax-check warnings. | Simon Josefsson | 2010-04-13 | 1 | -1/+0 |
* | Typo fixes: successful, precedence, preferred | Andreas Metzler | 2010-01-04 | 1 | -1/+1 |
* | better grouping of configuration directives | Nikos Mavrogiannopoulos | 2008-11-21 | 1 | -2/+2 |
* | certtool: allow setting arbitrary key purpose object identifiers. | Nikos Mavrogiannopoulos | 2008-11-05 | 1 | -0/+3 |
* | Added function to copy extensions from a CRL to a certificate. | Nikos Mavrogiannopoulos | 2008-10-04 | 1 | -0/+3 |
| | | | | Reduced many warnings (and added more by defining gnutls_log as printf like function --gcc only) | ||||
* | Added functions to handle and set CRL extensions. | Nikos Mavrogiannopoulos | 2008-10-03 | 1 | -0/+3 |
* | Corrected session resuming in SRP ciphersuites. | Nikos Mavrogiannopoulos | 2004-05-26 | 1 | -1/+1 |
* | certtool has now support for more X.520 DN attribute types. | Nikos Mavrogiannopoulos | 2004-05-15 | 1 | -0/+6 |
* | *** empty log message *** | Nikos Mavrogiannopoulos | 2004-05-14 | 1 | -0/+3 |
* | opencdk is being included if not found. | Nikos Mavrogiannopoulos | 2004-05-12 | 1 | -0/+3 |
* | *** empty log message *** gnutls_1_1_9 | Nikos Mavrogiannopoulos | 2004-04-14 | 1 | -10/+10 |
* | *** empty log message *** | Nikos Mavrogiannopoulos | 2004-04-14 | 1 | -0/+6 |
* | *** empty log message *** | Nikos Mavrogiannopoulos | 2004-04-14 | 1 | -0/+88 |