path: root/doc/certtool.cfg
Commit message | Author | Age | Files | Lines
* Implement setting the TLS features extension on certificates via certtool's template file. | Tim Kosse | 2016-05-30 | 1 | -0/+5
* updated certtool.cfg | Nikos Mavrogiannopoulos | 2014-09-18 | 1 | -9/+27
* updated example certtool.cfg | Nikos Mavrogiannopoulos | 2013-11-27 | 1 | -21/+77
* Add new extended key usage ipsecIKE | Micah Anderson | 2010-09-29 | 1 | -0/+3

  According to RFC 4945 § 5.1.3.12 section title "ExtendedKeyUsage"[0] the following extended key usage has been added:

  ... this document defines an ExtendedKeyUsage keyPurposeID that MAY be used to limit a certificate's use:

  id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 }

  where id-kp is defined in RFC 3280 [5]. If a certificate is intended to be used with both IKE and other applications, and one of the other applications requires use of an EKU value, then such certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or anyExtendedKeyUsage [5], as well as the keyPurposeID values associated with the other applications. Similarly, if a CA issues multiple otherwise-similar certificates for multiple applications including IKE, and it is intended that the IKE certificate NOT be used with another application, the IKE certificate MAY contain an EKU extension listing a keyPurposeID of id-kp-ipsecIKE to discourage its use with the other application. Recall, however, that EKU extensions in certificates meant for use in IKE are NOT RECOMMENDED.

  Conforming IKE implementations are not required to support EKU. If a critical EKU extension appears in a certificate and EKU is not supported by the implementation, then RFC 3280 requires that the certificate be rejected. Implementations that do support EKU MUST support the following logic for certificate validation:

  o If no EKU extension, continue.
  o If EKU present AND contains either id-kp-ipsecIKE or anyExtendedKeyUsage, continue.
  o Otherwise, reject cert.

  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

* Update gnulib files, fix syntax-check warnings. | Simon Josefsson | 2010-04-13 | 1 | -1/+0
* Typo fixes: successful, precedence, preferred | Andreas Metzler | 2010-01-04 | 1 | -1/+1
* better grouping of configuration directives | Nikos Mavrogiannopoulos | 2008-11-21 | 1 | -2/+2
* certtool: allow setting arbitrary key purpose object identifiers. | Nikos Mavrogiannopoulos | 2008-11-05 | 1 | -0/+3
* Added function to copy extensions from a CRL to a certificate. | Nikos Mavrogiannopoulos | 2008-10-04 | 1 | -0/+3

  Reduced many warnings (and added more by defining gnutls_log as printf like function --gcc only)

* Added functions to handle and set CRL extensions. | Nikos Mavrogiannopoulos | 2008-10-03 | 1 | -0/+3
* Corrected session resuming in SRP ciphersuites. | Nikos Mavrogiannopoulos | 2004-05-26 | 1 | -1/+1
* certtool has now support for more X.520 DN attribute types. | Nikos Mavrogiannopoulos | 2004-05-15 | 1 | -0/+6
* *** empty log message *** | Nikos Mavrogiannopoulos | 2004-05-14 | 1 | -0/+3
* opencdk is being included if not found. | Nikos Mavrogiannopoulos | 2004-05-12 | 1 | -0/+3
* *** empty log message *** (gnutls_1_1_9) | Nikos Mavrogiannopoulos | 2004-04-14 | 1 | -10/+10
* *** empty log message *** | Nikos Mavrogiannopoulos | 2004-04-14 | 1 | -0/+6
* *** empty log message *** | Nikos Mavrogiannopoulos | 2004-04-14 | 1 | -0/+88