libdcp/src/certificate_chain.cc, branch add-validity

Make certificate chain validity a parameter of the constructor.

2022-02-12T14:55:47Z

Bump default certificate validity period to 40 years.

2021-06-23T09:24:41Z

Cherry-picked from 9ec8f4724969c789c3add7edc7c548827f73d8a3 in master.

Be more cautious in CertificateChain::private_key_valid.

2020-03-10T21:24:46Z

Reject certificate chains where the adjacent certificates have the same subject.

2019-10-01T20:18:12Z

This is a backport of 31f31800705880da6ec185f9b31c7e125ae18c38 from master.

Slightly hacky but hopefully functional fix for KDMs after the changes

2019-01-24T17:34:37Z

to signer. The KDM stuff uses add_signature_value() but not sign() since it has to allow pass-through of a KDM (so it handles etc. itself). This means we have to make the indentation-adding optional. It might have been nicer to make indent() not add indentation if it's not already there.

Fully indent PKL/CPL.

2019-01-24T02:03:05Z

Attempt to fix Sony digest validation by indenting the

2019-01-24T02:03:05Z

and before signing. This is in the belief that, perhaps, the Sony software "reformats" the XML before checking that the signature is correct (or something).

Speculative removal of call to xmlSecKeySetName when signing, on

2019-01-14T15:32:58Z

the basis that I can't see what it's for and opendcp doesn't do it. Chasing Sony no-validate bug.

Remove old warning.

2018-07-09T01:12:23Z

Put xmlns:dsig on Signer and Signature rather than on the whole

2018-03-21T23:08:20Z

CPL/PKL as a certain large distribution company's checkers don't like having multiple namespaces: "XML root element can contain only one namespace"