1
0
mirror of https://github.com/danog/tgseclib.git synced 2024-12-11 16:49:41 +01:00
Commit Graph

156 Commits

Author SHA1 Message Date
terrafrost
6bfca3df72 X509: CS adjustment 2018-04-14 23:41:00 -05:00
terrafrost
ea47574317 X509: add methods to enable / disable URL fetching 2018-03-03 13:42:17 -06:00
terrafrost
f5807e1d4e X509: auto download intermediate certs 2018-03-02 12:53:15 -06:00
terrafrost
8aecafc92f X509: fix 7.2 error when extensions were removed and new ones added 2018-01-21 12:36:49 -06:00
terrafrost
36e9992508 X509: serial numbers are biginteger's 2017-12-14 06:22:55 -06:00
terrafrost
247e969366 X509: simplify revised validation logic and add to CRL validation 2017-12-13 19:36:55 -06:00
mdelikat
d9195ea5bd validateSignature if subjectKeyIdentifier is not set and check serial number if is set 2017-12-13 19:05:06 -06:00
terrafrost
703f7840db X509: use anonymous function in PHP >= 5.3.0 2017-12-03 15:55:58 -06:00
terrafrost
ffcff461c4 X509: URL validation didn't work (#1203) 2017-11-05 11:36:41 -06:00
terrafrost
6f47ef808e X509: fix issues when using datetime without a timezone set in ini 2017-09-30 22:54:33 +01:00
terrafrost
4b1102de7e X509: updates to DateTime integration 2017-08-28 23:29:03 -05:00
terrafrost
09c17b1a31 ASN1 / X509: update to use DateTime instead of unix time 2017-08-24 12:48:15 -05:00
terrafrost
19c71e4a98 X509: include subjectaltname extension even if only one domain name 2017-05-14 08:49:04 -05:00
terrafrost
da6e5211df X509: ignore certificate transparency extension 2016-12-17 17:41:56 -06:00
terrafrost
845135f887 add PHP5-style constructors along side PHP4-style ones 2016-09-10 10:41:05 -07:00
klemens
dca95ac662 spelling fixes 2016-08-04 00:19:27 -05:00
John Sterling
88ce26f8ca Improve performance of File\X509->_mapInExtensions() for large arrays
This avoids passing array references by-value to is_array()
(which would trigger a copy) by refactoring _subArray() into
a separate is_array() check on a by-value var, and a separate
unchecked reference return.
2016-06-26 19:44:48 -05:00
terrafrost
b6801c837c X509: set parameter fields to null for CSR's / RSA 2016-06-19 10:53:20 -05:00
terrafrost
52a7aee1f5 X509: add support for constructed DNs and non-strict DN checks 2016-05-03 18:22:53 -05:00
terrafrost
46bb95a265 X509: improve base64-encoded detection rules 2015-10-22 09:45:40 -05:00
terrafrost
2048a49aac use self:: in phpdoc comments to reduce merge conflicts 2015-10-11 12:22:07 -05:00
Graham Campbell
010c1285ba Fixed another case 2015-09-06 23:05:41 +01:00
Graham Campbell
06a1d3d981 Fixed error 2015-09-06 22:19:34 +01:00
Graham Campbell
dd031a1702 PHPDoc fixes 2015-09-06 12:28:08 +01:00
Andreas Fischer
e1bd0dfaf5 Merge pull request #801 from GrahamForks/1.0-phpdoc
[1.0] PHPDoc Fixes

* GrahamForks/1.0-phpdoc:
  Fixed lots of phpdoc typos
  Fixed invalid param phpdoc
2015-09-02 20:43:38 +02:00
Graham Campbell
cd0e10cf9d Fixed lots of phpdoc typos 2015-09-02 00:37:54 +01:00
terrafrost
abbee318cc X509: updates to getOID() as suggested by bantu 2015-08-31 15:20:38 -05:00
terrafrost
d7d9d782b0 X509: add getOID() method 2015-08-29 22:15:04 -05:00
Andreas Fischer
2013a31ecd Use phpcbf to fix PHP code to ruleset. 2015-07-17 12:57:41 +02:00
terrafrost
0d3a117608 X509: add a comment to explain the bitmask 2015-07-17 00:45:20 -05:00
terrafrost
693804e62a X509: move where Crypt/Random loading is done 2015-07-16 11:50:22 -05:00
terrafrost
374f8db2e3 X509: use a random serial number 2015-07-16 11:31:20 -05:00
terrafrost
77c757d095 X509: set one more parameter to null 2015-06-29 22:10:18 -05:00
terrafrost
6c2798be90 X509: set another parameters field to null 2015-06-29 21:53:27 -05:00
terrafrost
46a3c0fbbb X509: set parameter field to null for RSA keys 2015-06-28 11:32:42 -05:00
Andreas Fischer
5d2590feb0 Replace ; with : in case statement. 2015-05-03 13:18:23 +02:00
terrafrost
7ac2470c98 Merge branch '1.0' of https://github.com/phpseclib/phpseclib into x509-custom-extensions 2015-03-09 01:38:33 -05:00
terrafrost
e686c095b6 X509: always base64-encode extensions for which _getMapping returns a bool 2015-03-01 12:05:49 -06:00
terrafrost
7e2dd90140 X509: make it so you can use File_ASN1_Element for custom X.509 extensions 2015-03-01 11:57:36 -06:00
Andreas Fischer
0efae5a91e Change copyright years from roman numeral to decimal numbers. 2014-12-10 00:04:08 +01:00
terrafrost
83301097ea RSA: rename PUBLIC_FORMAT_PKCS1_RAW -> PUBLIC_FORMAT_PKCS8
also make CRYPT_RSA_PUBLIC_FORMAT_PKCS8 the default format
2014-06-13 13:11:59 -05:00
terrafrost
72a0913d39 RSA: slight adjustment to CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW format
CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW and CRYPT_RSA_PUBLIC_FORMAT_PKCS1
produce two very similar looking keys but they are not the same.
As dissection OpenSSL's asn1parse would reveal CRYPT_RSA_PUBLIC_FORMAT_PKCS1
has the fact that it is an RSA key embedded within it whereas
CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW does not. phpseclib now resolves
this ambiguity in the same way that OpenSSH's ssh-keygen does.

Despite this change CRYPT_RSA_PUBLIC_FORMAT_PKCS1_RAW is still incompatible
with OpenSSL's rsautl (CRYPT_RSA_PUBLIC_FORMAT_PKCS1 is compatible). I guess
this incompatibility isn't just due to the headers but is also due to the
overall structure of the format.
2014-06-10 22:16:59 -05:00
terrafrost
b1ad911d20 X509: CS adjustments 2014-06-05 08:33:27 -05:00
terrafrost
aabc5cf822 X509: PHP4 compat changes 2014-06-05 08:10:52 -05:00
terrafrost
dce03bb003 X509: add signSPKAC() and saveSPKAC() methods 2014-06-03 23:44:09 -05:00
terrafrost
dfa583b9ea X509: Array -> array (CS consistency) 2014-03-29 15:26:50 -05:00
Michael Braun
457f8fbb99 fix certificate date encoding
RFC 3280 requires in section
 - 4.1.2.5 Validity
 - 5.1.2.4 This Update
 - 5.1.2.5 Next Update
 - 5.1.2.6 Revoked Certificates
that dates are to be encoded as utcTime iff they are before 2050 and
as generalTime otherwise.

Currently, phpseclib does not respect this by always choosing generalTime.
Further, the format used interally to represent dates only keeps two digits,
so dates in 2050 and later cannot be represented in this format.

This patch fixes this by
 1. changing the interal format to be capable of unambiguously representing
    dates in 2050 or later (i.e. use four digits to represent the year),
 2. choosing between utcTime and generalTime accordingly.

Without this patch, openssl_x509_parse complains:
 Warning: openssl_x509_parse(): illegal ASN1 data type for timestamp
2014-03-28 15:02:50 +01:00
Andreas Fischer
fb1296bbec Drop meaningless, outdated, inconsistent version tags in doc blocks.
find phpseclib -type f -name "*.php" -exec sed -i '/@version/d' {} \;
2014-03-11 15:58:33 +01:00
Veres Lajos
930a3fb4d2 typofixes - https://github.com/vlajos/misspell_fixer 2014-03-05 23:41:20 +00:00
Graham Campbell
1c2796e3eb Cleaned up whitespace 2014-01-18 17:29:25 +00:00