Created first Git repository for OpenCA's OCSPD
0 parents
commit f5a9256
Showing 87 changed files with 52,513 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
Project Author(s): | ||
Massimiliano Pala <madwolf@openca.org> | ||
|
||
Project Contributor(s): | ||
Many thanks go to the people of the OpenSSL project from where | ||
some of the used code comes from. Many thanks to all of them, | ||
now and forever. | ||
|
||
Additional contribution (in no particular order) from: | ||
* Sergei Vyshenski | ||
* Julia Dubenskaya | ||
* David A. Cooper | ||
|
||
Project Alpha and Beta Tester(s) (in no particular order): | ||
* Maselli Giovanni Francesco | ||
* Guillaume Tamboise | ||
* Apu Kapadia |
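Review bot: The contributor note that "some of the used code comes from" the OpenSSL project does not say which files that covers. For provenance tracking, list the derived source files here or mark them in their own headers, and keep whatever licence notice that code carries alongside them, since the licence text added in this commit names only the OpenCA Labs and Massimiliano Pala.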
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
==================================================================== | ||
OpenCA OCSPD daemon - Open Source Project | ||
(c) 1999-2009 by OpenCA Labs and Massimilian Pala | ||
All Rights Reserved | ||
==================================================================== | ||
|
||
This software have been released under an Apache-style licence. | ||
|
||
This software consists of voluntary contributions made by many | ||
individuals on behalf of the OpenCA Labs. For more information | ||
on the OpenCA Team and the OpenCA Project please refer to | ||
<http://www.OpenCA.org/>. | ||
|
||
Redistribution and use in source and binary forms, with or without | ||
modification, are permitted provided that the following conditions | ||
are met: | ||
|
||
1. Redistributions of source code must retain the above copyright | ||
notice, this list of conditions and the following disclaimer. | ||
|
||
2. Redistributions in binary form must reproduce the above copyright | ||
notice, this list of conditions and the following disclaimer in | ||
the documentation and/or other materials provided with the | ||
distribution. | ||
|
||
3. All advertising materials mentioning features or use of this | ||
software must display the following acknowledgment: | ||
"This product includes software developed by the OpenCA Labs | ||
for use in the OpenCA project (http://www.OpenCA.org/)." | ||
|
||
4. The names "OpenCA" and "OpenCA Labs" must not be used to | ||
endorse or promote products derived from this software without | ||
prior written permission. For written permission, please contact | ||
madwolf@openca.org. | ||
|
||
5. Products derived from this software may not be called "OpenCA" | ||
nor may "OpenCA" appear in their names without prior written | ||
permission of the OpenCA Labs. | ||
|
||
6. Redistributions of any form whatsoever must retain the following | ||
acknowledgment: | ||
|
||
"This product includes software developed by Massimiliano | ||
Pala and the OpenCA Labs for use in the OpenCA project | ||
(http://www.openca.org/)." | ||
|
||
THIS SOFTWARE IS PROVIDED BY THE OPENCA TEAM ``AS IS'' AND ANY | ||
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENCA TEAM OR | ||
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
OF THE POSSIBILITY OF SUCH DAMAGE. | ||
|
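Review bot: The copyright banner spells the holder "Massimilian Pala", while clause 6 of the same file and the authors file use "Massimiliano Pala"; a licence notice should name the holder consistently, so correct the banner. The year range "1999-2009" also ends five years before the newest changelog entry in this commit (May 10 2014), and "This software have been released" should read "has been released". Because clause 3 is an advertising clause, consider naming the exact licence this text is modelled on rather than "Apache-style", so that downstream packagers can classify it.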
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,198 @@ | ||
* May 10 2014 Massimiliano Pala <madwolf@openca.org> | ||
- Fixed issue with generating responses with hardware tokens | ||
- Updated support for LibPKI 0.8.5+ | ||
|
||
* Oct 07 2013 Massimiliano Pala <madwolf@openca.org> | ||
- Fixed ocsp-genreq.sh script to correctly handle signing algorithm | ||
|
||
* Oct 07 2013 Massimiliano Pala <madwolf@openca.org> | ||
- Updated support for libpki 0.8.2 | ||
- Added extra checks option for the configure (--enable-extra-checks) | ||
- Fixed all reported warnings | ||
|
||
* Sep 24 2013 Massimiliano Pala <madwolf@openca.org> | ||
- Fixed using ca-specific OCSPD server certificate (option was ignored) | ||
- Updated support for libpki 0.8.2 to fix HTTP GET method support | ||
- Updated configure.in to configure.ac script | ||
|
||
* Aug 07 2013 Massimiliano Pala <madwolf@openca.org> | ||
- Updated API for using OCSPD with libpki 0.8.0 | ||
- Added signatureDigestAlgorithm option in ocspd.xml config file to force signing digest algoritm | ||
|
||
* Jun 13 2013 Massimiliano Pala <madwolf@openca.org> | ||
- Updated API for using OCSPD with libpki 0.7.0+ | ||
- Improved logging for startup sequence (better report of errors during token loading) | ||
|
||
* Jul 21 2011 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed a memory issue related to inappropriate usage of syslog() instead of | ||
PKI_log() | ||
|
||
* Mar 15 2011 Massimiliano Pala <madwolf@openca.org> | ||
-Added '-testmode' switch to set the OCSP as a test responder: all signatures are invalidated by flipping the first bit in the signature | ||
|
||
* Feb 10 2011 Massimiliano Pala <madwolf@openca.org> | ||
-Updated default configuration files (default passin set to none) | ||
-Enhanced support for ECDSA support | ||
|
||
* Feb 9 2011 Massimiliano Pala <madwolf@openca.org> | ||
-Updated thread management with builtin support from LibPKI 0.6.3 | ||
-Fixed start/stop script | ||
-Added new method for token configuration passin -> none to avoid password | ||
promptin at startup | ||
|
||
* Feb 9 2011 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed a memory error in config.c causing segfault on CRL reload | ||
-Set new requirements for libpki (0.6.3+) | ||
|
||
* Jan 22 2011 Massimiliano Pala <madwolf@openca.org> | ||
-Deleted extra two bytes sent out after the DER encoding of the response is written (that was causing Firefox/Thunderbird not to validate the answer) | ||
|
||
* Jan 14 2011 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed an error in return code check for PKI_NET_listen. | ||
-Due to bug fixing in Libpki, new Requirements for libpki is v0.6.2+ | ||
-Fixed error in config parsing when no bind address is provided | ||
|
||
* Nov 17 2010 Massimiliano Pala <madwolf@openca.org> | ||
-Small bug fixing | ||
-Tested with libpki v0.6.0 | ||
|
||
* Oct 23 2010 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed support for libpki 0.5.1 | ||
-Fixed some errors in init scripts and default configuration files | ||
|
||
* Jun 22 2010 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed support for LibPKI 0.5.0 | ||
-Fixed thread-scheduling issues | ||
-Finished support for HTTP GET method | ||
-Initial support for server-side SSL support | ||
-Fixed certificate request script | ||
-Fixed default configuration options and startup script | ||
|
||
* Sep 7 2009 Massimiliano Pala <madwolf@openca.org> | ||
- Full support for LibPKI (4.0+) | ||
- Updated configuration files to XML format | ||
- Started to add support for GET HTTP method | ||
|
||
* Sep 03 2009 Massimiliano Pala <madwolf@openca.org> | ||
- Initial support for LibPKI | ||
- Changed configuration files (added token.d/ hsm.d/ private/ dirs) | ||
- Added ocspd.xml config file | ||
- Added separate configuration files for different CAs (in ca.d/ dir) | ||
|
||
* Dec 17 2008 Massimiliano Pala <madwolf@openca.org> | ||
- Fixed thread problem with OpenSSL | ||
- Fixed compatibilities with Java 1.6.0 | ||
|
||
* Dec 3 2006 Massimiliano Pala <madwolf@openca.org> | ||
-Added exit message on stderr when server aborts during startup (useful | ||
for interactive startup of the server) | ||
-Added support for HTTP/1.1 "Host: <addr>" header when making HTTP | ||
requests in order to get data via HTTP protocol | ||
|
||
* Sun Oct 15 2006 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed HTTP HEADERS parsing problem | ||
-Tested behind an Apache Proxy | ||
-Added '-debug' startup option to output the HTTP head and additional | ||
informations to be pushed to stderr | ||
|
||
* Fri Oct 13 2006 Massimiliano Pala <madwolf@openca.org> | ||
-Completely changed the codebase in order to use threads instead | ||
of fork(). | ||
-Fixed compilation under Solaris (SunOS 5.11) | ||
-Added chroot() capabilities | ||
-Added options to set the number of threads to be pre-spawned | ||
-Fixed Socket creation under Solaris (Accept) | ||
-Moved from BIO_* interface to pure socket implementation for | ||
better Network options management | ||
|
||
* Tue Jul 18 2006 Massimiliano Pala <madwolf@openca.org> | ||
-Removed required index file option in the configuration file (was not | ||
used) | ||
|
||
* Mon Apr 24 2006 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed invalidity date problem (no more empty ext added to responses) | ||
-Added log reporting of returned status about a response when the | ||
verbose switch is used (before it was enabled only in DEBUG mode) | ||
|
||
* Mon Dec 19 2005 Massimiliano Pala <madwolf@openca.org> | ||
-Added chroot facility to enhance server security | ||
|
||
* Thu Nov 3 2005 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed compile against OpenSSL 0.9.8a | ||
-Fixed HTTP downloading routines for CRLs and CA certs | ||
-Fixed Solaris Port for Signal Handling on CRLs check and reloading | ||
|
||
* Thu Oct 20 2005 Massimiliano Pala <madwolf@openca.org> | ||
-Added extra checking on initialization of variables to avoid errors | ||
for ldap/http address parsing and usage | ||
|
||
* Thu Oct 6 2005 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed variables init (for Solaris) and code cleanup | ||
|
||
* Mon Aug 29 2005 Massimiliano Pala <madwolf@openca.org> | ||
-Added 3rd header in response to solve a CiscoIOS problem | ||
|
||
* Wed Jun 1 2005 Massimiliano Pala <madwolf@openca.org> | ||
-Modified the privilege management to allow for the server to run on | ||
ports < 1024 under not privileged user/group | ||
-Fixed some Solaris signal-handling definitions | ||
|
||
* Thu Apr 28 2005 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed RPM installation of man pages | ||
|
||
* Tue Apr 19 2005 Massimiliano Pala <madwolf@openca.org> | ||
-Spec file updated | ||
-Man pages updated with new configuration options | ||
-Fixed child re-spawning when HSM is active | ||
-Added support for CA/CRL downloading via HTTP | ||
|
||
* Fri Jan 28 2005 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed SIGHUP problem when auto_crl_reload was enabled | ||
-Fixed Solaris include for flock usage instead of semaphores | ||
-Added --enable-flock and --enable-semaphores in configure script | ||
|
||
* Tue Jan 18 2005 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed bug for nextUpdate and lastUpdate fields setting when reloading | ||
CRLs. | ||
-Added CA certificate loading from LDAP. | ||
-Added multiple CA certificate from the same cACertificate entry in LDAP. | ||
-Fixed Solaris putenv issues in configure.c | ||
-Added OS architecture specific targes in makefiles | ||
|
||
* Wed May 19 2004 Massimiliano Pala <madwolf@openca.org> | ||
-First support for new data structure for CRL lookup and multi CAs | ||
support (not working now) | ||
-Fixed configure.in for correct generation of config.h | ||
-Fixed configure.in for openldap ld options (for non-standard directories) | ||
|
||
* Mon May 17 2004 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed compilation problems on Solaris | ||
-Added support for exclusion of ldap usage (--disable-openldap) | ||
-Added support for openldap directory specification | ||
-Fixed signal handling and correct children death | ||
-Added pre-spawning of processes() | ||
|
||
* Thu May 13 2004 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed miscreation of responses when certificate is revoked | ||
-Fixed crl loading checking (segmentation fault on loading fixed) | ||
|
||
* Fri Jan 17 2003 Massimiliano Pala <madwolf@openca.org> | ||
-Correclty lookup using loaded CRL | ||
-Added extensions management from CRL to OCSP response | ||
|
||
* Mon Jan 13 2003 Massimiliano Pala <madwolf@openca.org> | ||
-Updated the sample (contrib/) configuration file | ||
-Added CRL retrivial from LDAP server | ||
-Added LDAP support (needs OpenLDAP libraries) | ||
-Added CRL retrivial from file | ||
|
||
* Oct 16 2002 Massimiliano Pala <madwolf@openca.org> | ||
-Added multi child spawning (max_childs_num) | ||
-Fixed zombi child presence | ||
|
||
* Feb 25 2002 Massimiliano Pala <madwolf@openca.org> | ||
-Fixed response generation | ||
-Added verbose information to syslog | ||
-Support for the index.txt db file | ||
-Addedd response generation related keywords in the configuration | ||
file |
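Review bot: The Sep 7 2009 entry "Full support for LibPKI (4.0+)" does not fit the version sequence in the rest of the file (0.5.0 in Jun 2010, 0.6.x in 2011, 0.8.5+ in May 2014); please confirm whether 0.4.0+ was meant, because this is the only record of the minimum library version for that release. Two entries describe behaviour that weakens a responder: the Mar 15 2011 '-testmode' switch ("all signatures are invalidated by flipping the first bit in the signature") and the Feb 2011 "default passin set to none" change. Each should say that it is intended for test or unattended setups and point to where the option is documented, so that an operator reading the history does not enable it unknowingly. On style, the date format varies (some entries carry a weekday, some do not), Oct 07 2013 and Feb 9 2011 each appear twice, the bullet prefix alternates between "- " and "-", and there are several misspellings ("algoritm", "promptin", "targes", "Correclty", "retrivial", "Addedd"); normalising these would make the file easier to parse with tooling.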