summaryrefslogtreecommitdiff
path: root/src/certificate_chain.cc
AgeCommit message (Collapse)Author
2026-03-20Allow build with static xmlsec1.Carl Hetherington
2025-11-13Don't check the certificate not before/after validity in chain_valid().v1.10.40Carl Hetherington
I think this should be checked separately, as out-of-date certificates are still useful (e.g. if they are related to KDM decryption).
2025-11-13Cleanup: lose a temporary variable.Carl Hetherington
2025-05-17Remove out-of-date comment.Carl Hetherington
2025-01-31Fix up for const fix in libcxml.v1.10.9Carl Hetherington
2024-12-30Add an assertion.Carl Hetherington
2024-03-20Replace xmlpp::Node::add_child with cxml::add_child.Carl Hetherington
2024-01-09Fix escaping of certificate dnQualifier (public key digests) on creation ↵v1.8.93Carl Hetherington
(DoM #2716).
2024-01-08Use OpenSSL C API for public_key_digest instead of calling the openssl binary.Carl Hetherington
2024-01-08Make public_key_digest() testable.Carl Hetherington
2023-10-09Add wrappers around boost::filesystem methods that handle theCarl Hetherington
required mangling of long filenames on Windows. Also wrap lots of missing places (e.g. calls to asdcplib, libxml++, libcxml etc.) in dcp::filesystem::fix_long_path(). The idea is to keep paths un-mangled until they we call some filesystem-related API and mangle them at that point. Otherwise we end up serialising mangled names, which seems like it will not end well. Should fix DoM #2623.
2023-08-15Fix use-after-free in error case.Carl Hetherington
2022-12-22Give a better error from chain_valid() when a certificate has some problem ↵Carl Hetherington
(e.g. it has expired).
2022-02-12Pass certificate validity length into the constructor.v1.8.7Carl Hetherington
2021-04-14Fix/hide some warnings.Carl Hetherington
2021-01-31Fix strange Windows build error introduced in ↵Carl Hetherington
6c37cc1979b2a01205a888c4c98f3334685ee8dd
2021-01-23Tidying.Carl Hetherington
2021-01-22Assorted c++11 cleanups.Carl Hetherington
2021-01-21Use enum class for the things in types.hCarl Hetherington
2021-01-17Replace std::list with std::vector in the API.Carl Hetherington
2020-03-10Be more cautious in CertificateChain::private_key_valid.Carl Hetherington
2019-12-01Bump default certificate validity period to 40 years.Carl Hetherington
2019-06-26Reject certificate chains where the adjacent certificates have the same subject.Carl Hetherington
2019-01-24Slightly hacky but hopefully functional fix for KDMs after the changesCarl Hetherington
to signer. The KDM stuff uses add_signature_value() but not sign() since it has to allow pass-through of a KDM (so it handles <Signature> etc. itself). This means we have to make the indentation-adding optional. It might have been nicer to make indent() not add indentation if it's not already there.
2019-01-24Fully indent PKL/CPL.Carl Hetherington
2019-01-24Attempt to fix Sony digest validation by indenting the <Signer>Carl Hetherington
and <Signature> before signing. This is in the belief that, perhaps, the Sony software "reformats" the XML before checking that the signature is correct (or something).
2019-01-14Speculative removal of call to xmlSecKeySetName when signing, onCarl Hetherington
the basis that I can't see what it's for and opendcp doesn't do it. Chasing Sony no-validate bug.
2018-07-09Remove old warning.Carl Hetherington
2018-03-21Put xmlns:dsig on Signer and Signature rather than on the wholeCarl Hetherington
CPL/PKL as a certain large distribution company's checkers don't like having multiple namespaces: "XML root element can contain only one namespace"
2018-03-09Use string_mask = nombstr so that openssl uses PRINTABLESTRINGCarl Hetherington
rather than UTF8STRING when putting things like Organization into certificates. SMPTE 430/2/2006 specifies this, and apparently Waimea raises an error if UTF8STRING is used (as seems to be openssl's default).
2017-06-05Fix up management of certificate chain validity.Carl Hetherington
2017-04-04More error information from CertificateChain::valid.Carl Hetherington
2016-11-10Fix build with OpenSSL 1.1 and later.Carl Hetherington
2016-08-25Tweak assert.Carl Hetherington
2016-08-25Allow reading of certificate chains from strings.Carl Hetherington
This also makes the Certificate constructor throw if it finds extra stuff after a certificate it is loading.
2016-08-11More stringstream removal.Carl Hetherington
2016-08-04Add method to return a base-64 version of a whole CertificateChain.Carl Hetherington
2016-07-22Use locked_sstream. Replace once parse_stream with parse_memory.Carl Hetherington
2016-07-01asdcp headers moved into subdirectory.Carl Hetherington
2016-06-13Add OpenSSL licence exception.Carl Hetherington
2016-06-02Remove unused variable.Carl Hetherington
2016-06-01Still more licence fixups.Carl Hetherington
2016-05-25No-op; Fix GPL address and mention libdcp by name.Carl Hetherington
2015-10-19Use std::runtime_error instead of our own StringError asCarl Hetherington
a) it does the same job and b) its type and what() survive the boundary between the libdcp .so and the main DCP-o-matic executable. Before this StringError-derived exceptions caught by DCP-o-matic were only recognised as std::exceptions (without the what()) message. I don't know why this happens, but this works around it.
2015-07-30Merge Signer into CertificateChain.Carl Hetherington
2015-07-12Move CertificateChain into the right header.Carl Hetherington
2015-06-24No-op: whitespace.Carl Hetherington
2015-01-28Some OS X build fixes.Carl Hetherington
2014-09-18Quote openssl -subj strings.Carl Hetherington
2014-09-11Allow Signer and certificate chains to be made with specified organisation, ↵Carl Hetherington
common name etc.
generated by cgit v1.2.3 (git 2.46.0) at 2026-04-06 16:09:14 +0000