| Age | Commit message (Collapse) | Author |
|---|
|
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).
No functional changes.
|
|
Root and intermediate CA certificates should have these extensions set
to indicate that they are allowed to sign other certificates. The values
reported in these extensions is now also checked by `verify_chain` to
make sure no non-CA certificates are used to sign another certificate.
The certificate parser now also aborts when a critical extension is
detected which is unsupported, as is required by the specification.
|
|
With this change the certificate chain sent by the server will actually
be verified, instead of just checking the names of the certificates.
To determine if a certificate is signed by a root certificate, the list
of root certificates is now a HashMap mapping from the unique identifier
string to the certificate. This allows us to take the issuer of a
certificate and easily check if it is a root certificate. If a
certificate is not signed by a root certificate, we will check that it
is signed by the next certificate in the chain.
This also removes the ad-hoc checking of certificate validity from
multiple places, and moves all checking to the verify_chain.
|
|
This part of the certificate was originally just skipped, however it
will be needed to check the validity of the certificate.
|
|
|
|
|
|
|
|
|
|
SPDX License Identifiers are a more compact / standardized
way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
|
|
As a nice side effect, also correctly test for certificate validity :^)
|
|
|
