Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-11-27 | Testsuite: regenerate CA trees with 2048-bit keys | Jeremy Harris | |
This is to support RHEL 8.0 where OpenSSL dislikes 1024 | |||
2017-12-18 | Testsuite: move CRL testcases away from using SHA1-signed certs | Jeremy Harris | |
2017-12-16 | Testsuite: regenerate certs tree | Jeremy Harris | |
2017-12-16 | Testsuite: testcase for Bug 2198 | Jeremy Harris | |
2017-12-03 | Testsuite: regen certs trees, now with OCSP response for one EC cert | Jeremy Harris | |
2017-11-07 | TLS: support multiple certificate files in server. Bug 2092 | Jeremy Harris | |
2017-01-31 | Testsuite: use certs expring before end of 2037, to avoid GnuTLS top-limit ↵ | Jeremy Harris | |
clamp on small-size_t platforms | |||
2016-11-02 | Testsuite: regen certs, now with additional LetsEncrypt-style OCSP proofs | Jeremy Harris | |
2015-12-17 | DANE: do not override a cert verify failure, in callback. Also fix some ↵ | Jeremy Harris | |
test mistakes | |||
2014-04-24 | Support OCSP Stapling under GnuTLS. Bug 1459 | Jeremy Harris | |
Requires GnuTLS version 3.1.3 or later. Under EXPERIMENTAL_OCSP | |||
2013-12-15 | Increase test CA key sizes from 512 to 1024 to handle TLS1.2 digest sizes. | Jeremy Harris | |
2013-03-25 | OCSP-stapling enhancement and testing. | Jeremy Harris | |
Server: Honor environment variable as well as running_in_test_harness in permitting bogus staplings Update server tests Add "-ocsp" option to client-ssl. Server side: add verification of stapled status. First cut server-mode ocsp testing. Fix some uninitialized ocsp-related data. Client (new): Verify stapling using only the chain that verified the server cert, not any acceptable chain. Add check for multiple responses in a stapling, which is not handled Refuse verification on expired and revoking staplings. Handle OCSP client refusal on lack of stapling from server. More fixing in client OCSP: use the server cert signing chain to verify the OCSP info. Add transport hosts_require_ocsp option. Log stapling responses. Start on tests for client-side. Testing support: Add CRL generation code and documentation update Initial CA & certificate set for testing. BUGFIX: Once a single OCSP response has been extracted the validation routine return code is no longer about the structure, but the actual returned OCSP status. |