Added RFC 5280 "must" checks #1353

Merged
merged 5 commits into from Feb 14, 2018

2 participants
@dgarske
Contributor

commented Feb 6, 2018

  • Added check to enforce RFC 5280 Sec 4.2.1.10 rule: "The name constraints extension, which MUST be used only in a CA certificate".

  • Added check to enforce RFC 5280 Sec 4.2.1.6: "The name MUST NOT be a relative URI". Verifies the URI contains "://".

  • Added new define WOLFSSL_NO_ASN_STRICT to restore old behavior for compatibility.

  • Fix wc_port time HAVE_RTP_SYS (noticed it was missed during ASN time move to wc_port).

@dgarske dgarske self-assigned this Feb 7, 2018

dgarske added some commits Feb 6, 2018

Added check to enforce RFC 5280 Sec 4.2.1.10 rule: "The name constraints extension, which MUST be used only in a CA certificate". Added new define `WOLFSSL_NO_ASN_STRICT` to restore old behavior for compatibility. Fix wc_port time `HAVE_RTP_SYS` (noticed it was missed during ASN time move to wc_port).
Fix to enforce RFC 5280 Sec 4.2.1.6: "The name MUST NOT be a relative URI". Verifies the URI contains "://". Can be disabled using `WOLFSSL_NO_ASN_STRICT`.
Added check to enforce RFC 5280 Sec 4.2: "A certificate MUST NOT include more than one instance of a particular extension". Refactor of the `DecodedCert` struct to combine bit type options into bit-fields. Fix for wolfCrypt test for error codes to allow `-161`.
Fix to resolve wolfCrypt test for `cert_test` nameConstraints test. Fixed ASN check to properly determine if certificate is CA type.
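The three RFC 5280 rules named in the description and commit messages above, as an added example that is not wolfSSL's code and not part of the pull request. The `parsed_cert` struct, the `strict_check` function, the extension ids and the error codes are hypothetical, and the sample certificates are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical types and error codes for illustration; not wolfSSL's. */
enum ext_id { EXT_BASIC_CONSTRAINTS, EXT_ALT_NAMES, EXT_NAME_CONSTRAINTS };
enum { STRICT_OK = 0, ERR_DUP_EXT = -1, ERR_NC_NOT_CA = -2, ERR_RELATIVE_URI = -3 };

struct parsed_cert {
    const enum ext_id *exts;      /* extensions in encoded order */
    size_t n_exts;
    int is_ca;                    /* basicConstraints cA flag */
    const char *const *san_uris;  /* URI entries from subjectAltName */
    size_t n_uris;
};

int strict_check(const struct parsed_cert *c)
{
    unsigned seen = 0;            /* one bit per extension id */
    size_t i;

    for (i = 0; i < c->n_exts; i++) {
        unsigned bit = 1u << c->exts[i];
        if (seen & bit)
            return ERR_DUP_EXT;   /* Sec 4.2: one instance per extension */
        seen |= bit;
    }
    /* Checked after the loop: nameConstraints may be encoded before
       basicConstraints, so the CA flag is only final once all are read. */
    if ((seen & (1u << EXT_NAME_CONSTRAINTS)) && !c->is_ca)
        return ERR_NC_NOT_CA;     /* Sec 4.2.1.10 */
    for (i = 0; i < c->n_uris; i++)
        if (strstr(c->san_uris[i], "://") == NULL)
            return ERR_RELATIVE_URI;  /* Sec 4.2.1.6, substring test as in the PR */
    return STRICT_OK;
}

/* Constructed sample certificates (already-parsed form). */
static const enum ext_id ca_exts[]  = { EXT_NAME_CONSTRAINTS, EXT_ALT_NAMES, EXT_BASIC_CONSTRAINTS };
static const enum ext_id dup_exts[] = { EXT_ALT_NAMES, EXT_BASIC_CONSTRAINTS, EXT_ALT_NAMES };
static const char *const abs_uri[]  = { "https://example.com/id" };
static const char *const rel_uri[]  = { "/id/alice" };
static const struct parsed_cert good_ca  = { ca_exts, 3, 1, abs_uri, 1 };
static const struct parsed_cert leaf_nc  = { ca_exts, 3, 0, abs_uri, 1 };
static const struct parsed_cert dup_cert = { dup_exts, 3, 0, abs_uri, 1 };
static const struct parsed_cert rel_cert = { ca_exts, 3, 1, rel_uri, 1 };

int main(void)
{
    printf("%d %d %d %d\n", strict_check(&good_ca), strict_check(&leaf_nc),
           strict_check(&dup_cert), strict_check(&rel_cert));
    return 0;
}
```

The substring test follows the PR's description; it accepts any string that contains "://", so it is not full URI validation.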

@dgarske dgarske force-pushed the dgarske:asn_strict branch from a35a73b to c2a0de9 Feb 7, 2018

@dgarske dgarske assigned toddouska and unassigned dgarske Feb 7, 2018

@toddouska
Contributor

left a comment

thanks

@toddouska toddouska merged commit 9a4fe0f into wolfSSL:master Feb 14, 2018

10 checks passed

  • Clang --enable-all Check: Static Analysis - OK
  • Disable Options Test: Disable Options Test - Passed
  • Enable Options Test: Enable Options Test - Passed
  • Fips Check: Fips Check - Passed
  • Pull Request Manager: All Tests Successfully Launched.
  • Scan-Build Analysis: Static Analysis - Good
  • Testing known customer configurations: known configurations - Passed
  • Valgrind Test: Valgrind Test - No Leaks
  • Visual Studio Build Test: Visual Studio Build Test - Passed
  • fsanitize=address test: fsanitize check - OK

@dgarske dgarske deleted the dgarske:asn_strict branch Feb 15, 2018
