libdcp/src/certificate_chain.cc, branch check-chains

Be more cautious in CertificateChain::private_key_valid.

2020-03-10T21:25:36Z

Bump default certificate validity period to 40 years.

2019-12-01T14:38:41Z

Reject certificate chains where the adjacent certificates have the same subject.

2019-06-26T14:54:09Z

Slightly hacky but hopefully functional fix for KDMs after the changes

2019-01-24T17:34:37Z

to signer. The KDM stuff uses add_signature_value() but not sign() since it has to allow pass-through of a KDM (so it handles etc. itself). This means we have to make the indentation-adding optional. It might have been nicer to make indent() not add indentation if it's not already there.

Fully indent PKL/CPL.

2019-01-24T02:03:05Z

Attempt to fix Sony digest validation by indenting the

2019-01-24T02:03:05Z

and before signing. This is in the belief that, perhaps, the Sony software "reformats" the XML before checking that the signature is correct (or something).

Speculative removal of call to xmlSecKeySetName when signing, on

2019-01-14T15:32:58Z

the basis that I can't see what it's for and opendcp doesn't do it. Chasing Sony no-validate bug.

Remove old warning.

2018-07-09T01:12:23Z

Put xmlns:dsig on Signer and Signature rather than on the whole

2018-03-21T23:08:20Z

CPL/PKL as a certain large distribution company's checkers don't like having multiple namespaces: "XML root element can contain only one namespace"

Use string_mask = nombstr so that openssl uses PRINTABLESTRING

2018-03-09T00:53:12Z

rather than UTF8STRING when putting things like Organization into certificates. SMPTE 430/2/2006 specifies this, and apparently Waimea raises an error if UTF8STRING is used (as seems to be openssl's default).