1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
|
------------------------------------------------------------------------
r18710 | msalle | 2016-08-25 22:47:41 +0200 (Thu, 25 Aug 2016) | 9 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/lcmaps_proxylifetime.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Fix last warnings from released openssl 1.1
ASN1_STRING_data() has been deprecated and replaced with ASN1_STRING_get0_data()
which returns const unsigned char* instead of char of unsigned char*. Easiest to
handle is to rename verify_asn1TimeToTimeT(const char*) into
verify_str_asn1TimeToTimeT and make new verify_asn1TimeToTimeT(ASN1_TIME *)
which does the cast and calls the other.
Also final version of X509_get0_signature() and X509_ALGOR_get0() want resp.
const X509_ALGOR** and const ASN1_OBJECT ** as arguments.
------------------------------------------------------------------------
r18684 | msalle | 2016-08-01 17:15:35 +0200 (Mon, 01 Aug 2016) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Fix typo in openssl version number, remove unused variables and work around
ERR_PACK() mismatch with man-page (args should be unsigned, not signed).
------------------------------------------------------------------------
r18683 | msalle | 2016-08-01 14:33:29 +0200 (Mon, 01 Aug 2016) | 9 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Adapt code to work around OpenSSL 1.1 code changes. In OpenSSL 1.1 many struct
members have become private and setters/getters need to be used instead.
Since at the same time also the d2i and i2d macros have been removed
(asn1_mac.h) we rework the init_*_proxy_extension() functions to use an item ref
instead. This is slightly complicated for the GT3 proxy, which can have either a
GT3-style proxy cert info or a RFC-style proxy cert info (when created using
Java-based voms-proxy-init via canl). For that sub-case, we allow temporarily
changing the struct member.
------------------------------------------------------------------------
r18671 | msalle | 2016-05-30 12:04:37 +0200 (Mon, 30 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/ChangeLog
Update ChangeLog
------------------------------------------------------------------------
r18670 | msalle | 2016-05-30 11:18:18 +0200 (Mon, 30 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Log whether a proxy is a VOMS proxy (contains a VOMS AC extension).
------------------------------------------------------------------------
r18669 | msalle | 2016-05-30 10:33:59 +0200 (Mon, 30 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Do proper self-signed cert test for CAs by checking signature.
------------------------------------------------------------------------
r18668 | msalle | 2016-05-29 21:21:57 +0200 (Sun, 29 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/ChangeLog
Update ChangeLog
------------------------------------------------------------------------
r18667 | msalle | 2016-05-29 21:20:07 +0200 (Sun, 29 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/BUGS
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Fix memleak introduces in 1.5.8
------------------------------------------------------------------------
r18665 | msalle | 2016-05-27 16:50:59 +0200 (Fri, 27 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Fix two spelling errors
------------------------------------------------------------------------
r18661 | msalle | 2016-05-27 16:09:05 +0200 (Fri, 27 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/ChangeLog
Updating Changelog
------------------------------------------------------------------------
r18660 | msalle | 2016-05-27 16:08:39 +0200 (Fri, 27 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/BUGS
Update BUGS file
------------------------------------------------------------------------
r18659 | msalle | 2016-05-27 15:59:41 +0200 (Fri, 27 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/README
Minor updates in the README (mostly URLs)
------------------------------------------------------------------------
r18658 | msalle | 2016-05-27 15:51:53 +0200 (Fri, 27 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/ChangeLog
Update ChangeLog for 1.5.8 release
------------------------------------------------------------------------
r18657 | msalle | 2016-05-19 16:11:52 +0200 (Thu, 19 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Fix comment of grid_check_sigalg() to match the actual code
------------------------------------------------------------------------
r18656 | msalle | 2016-05-18 13:38:43 +0200 (Wed, 18 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Don't verify/log signing algorithm for root CAs
------------------------------------------------------------------------
r18655 | msalle | 2016-05-17 13:09:04 +0200 (Tue, 17 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
Update NEWS for key strength
------------------------------------------------------------------------
r18654 | msalle | 2016-05-17 13:08:10 +0200 (Tue, 17 May 2016) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Log key length of all certs, not just the proxies and warn for too small (<2048
for EECs and CAs). Only log once in case of warning. Use one #define for all
OBJ_obj2txt buffers of size 80.
------------------------------------------------------------------------
r18653 | msalle | 2016-05-13 11:14:24 +0200 (Fri, 13 May 2016) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
We log the signature algorithm for every certificate in the chain. For MD5 (or
older) algorithms we log on LOG_WARNING. We do not (yet) fail on MD*. Newest
Java already fails by default.
------------------------------------------------------------------------
r18650 | msalle | 2016-05-09 10:55:16 +0200 (Mon, 09 May 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
Update NEWS file for OpenSSL DigitialSignature workaround
------------------------------------------------------------------------
r18649 | msalle | 2016-05-09 10:49:11 +0200 (Mon, 09 May 2016) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Only set EXFLAG_PROXY for actual proxy certificates. Otherwise, OpenSSL
verification code fails for CA certificates not containing Digital Signature,
such as the CILogon Basic CA (thanks to Brian for finding it and Jan Just for
verifying why the workaround works).
------------------------------------------------------------------------
r18554 | msalle | 2016-01-21 17:51:39 +0100 (Thu, 21 Jan 2016) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/doc/verify-proxy-tool.1.in
Update manpage for new commandline option
------------------------------------------------------------------------
r18548 | msalle | 2015-12-18 11:56:32 +0100 (Fri, 18 Dec 2015) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
Improvements. Version 1.5.8
- verify-proxy-tool has extra option -t|--atnotbefore to verify the chain at
the notBefore time (actually 5min afterwards)
------------------------------------------------------------------------
r18468 | msalle | 2015-07-16 11:27:12 +0200 (Thu, 16 Jul 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Clearify code flow.
------------------------------------------------------------------------
r18406 | msalle | 2015-05-13 15:31:47 +0200 (Wed, 13 May 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/ChangeLog
Update ChangeLog
------------------------------------------------------------------------
r18405 | msalle | 2015-05-13 15:31:21 +0200 (Wed, 13 May 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
Fix calling of verify_error()
------------------------------------------------------------------------
r18403 | msalle | 2015-05-13 14:18:40 +0200 (Wed, 13 May 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/ChangeLog
Update ChangeLog for release
------------------------------------------------------------------------
r18402 | msalle | 2015-05-13 14:02:38 +0200 (Wed, 13 May 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
Fix mem leak.
------------------------------------------------------------------------
r18401 | msalle | 2015-05-13 13:29:10 +0200 (Wed, 13 May 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
Initialize verify data to prevent segv.
------------------------------------------------------------------------
r18400 | msalle | 2015-05-13 13:25:52 +0200 (Wed, 13 May 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
Missed three...
------------------------------------------------------------------------
r18399 | msalle | 2015-05-13 13:24:18 +0200 (Wed, 13 May 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
Fix calls to verify_error
------------------------------------------------------------------------
r18398 | msalle | 2015-05-13 13:11:02 +0200 (Wed, 13 May 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
Check return value of stat.
------------------------------------------------------------------------
r18397 | msalle | 2015-05-13 12:31:27 +0200 (Wed, 13 May 2015) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/doc/Makefile.am
D /trunk/lcmaps-plugins-verify-proxy/doc/lcmaps_verify_proxy.mod.8
A /trunk/lcmaps-plugins-verify-proxy/doc/lcmaps_verify_proxy.mod.8.in (from /trunk/lcmaps-plugins-verify-proxy/doc/lcmaps_verify_proxy.mod.8:18396)
A /trunk/lcmaps-plugins-verify-proxy/doc/verify-proxy-tool.1.in
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
Install commandline tool as verify-proxy-tool to prevent name-clash with Jan
Just's grid-proxy-verify. Add rudimentary manpage, update NEWS file and put
package name and version in manpage.
------------------------------------------------------------------------
r18389 | msalle | 2015-04-28 12:03:17 +0200 (Tue, 28 Apr 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Update logged function name to actual current function name.
------------------------------------------------------------------------
r18384 | msalle | 2015-04-22 17:21:55 +0200 (Wed, 22 Apr 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/scas/NEWS
Update NEWS files for latest changes.
------------------------------------------------------------------------
r18368 | msalle | 2015-04-21 13:03:51 +0200 (Tue, 21 Apr 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Add clarification on the importance of initializing the certcheck counter.
------------------------------------------------------------------------
r18353 | msalle | 2015-04-16 14:40:11 +0200 (Thu, 16 Apr 2015) | 10 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/util/grid-proxy-verify.c
- Just define logstr, don't try to check whether __func__ is defined (we don't
do with other functions either).
- Check for return val NULL of X509_NAME_oneline()
- unused grid-proxy-verify.c:
* fix dereferencing bug
* check for NULL return val of X509_NAME_oneline()
* don't check for NULL when calling free()
* reinsert main()
------------------------------------------------------------------------
r18341 | msalle | 2015-04-14 18:19:55 +0200 (Tue, 14 Apr 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.c
Fix warnings from cppcheck
------------------------------------------------------------------------
r18338 | msalle | 2015-04-14 11:04:23 +0200 (Tue, 14 Apr 2015) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Fix recognizing legacy proxies for empty subject EECs
Reuse a few strlen() calls.
------------------------------------------------------------------------
r18336 | msalle | 2015-03-31 14:09:28 +0200 (Tue, 31 Mar 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
Few more additions
------------------------------------------------------------------------
r18335 | msalle | 2015-03-31 14:01:33 +0200 (Tue, 31 Mar 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
Update NEWS file with latest updates.
------------------------------------------------------------------------
r18333 | msalle | 2015-03-30 16:17:17 +0200 (Mon, 30 Mar 2015) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
Continue to check (also) GT3 pci extension when we found a RFC pci, to catch
dual certificates having both (=evil).
Move istype() macro to verify-lib/src_internal/_verify_x509.h and rename in CERTISTYPE()
------------------------------------------------------------------------
r18332 | msalle | 2015-03-27 16:10:42 +0100 (Fri, 27 Mar 2015) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.c
Java voms-proxy-init creates GT3 proxies with RFC-ordered proxycertinfo: make
sure we can handle those. Try first 'official' GT3, then fallback on RFC-type
------------------------------------------------------------------------
r18331 | msalle | 2015-03-27 15:14:47 +0100 (Fri, 27 Mar 2015) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.c
Add comments to clarify compiler warnings coming from incorrect cast, due to
borked openssl macros (known issue).
------------------------------------------------------------------------
r18330 | msalle | 2015-03-27 14:40:52 +0100 (Fri, 27 Mar 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
Make CA_dir const char * to suppress compiler warning.
------------------------------------------------------------------------
r18329 | msalle | 2015-03-27 14:15:32 +0100 (Fri, 27 Mar 2015) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_log.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Remove unused variable
Move sometimes unused macro to the right place
Fix invalid return of "" instead of strdup(""), since it will be freed.
------------------------------------------------------------------------
r18328 | msalle | 2015-03-27 13:07:55 +0100 (Fri, 27 Mar 2015) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Minor changing in the logging. Also, delay both expired and not-yet-valid errors
till later.
------------------------------------------------------------------------
r18322 | msalle | 2015-03-20 16:33:45 +0100 (Fri, 20 Mar 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Only use proxy pathlen error code for newer (-; openssl versions.
------------------------------------------------------------------------
r18321 | msalle | 2015-03-20 16:21:23 +0100 (Fri, 20 Mar 2015) | 6 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
- Further fix logging of expected proxy:
when all types of proxy are fine: "any type of ", when any language: "proxy of
any language". This way we get e.g. 'any type of limited proxy' etc.
- update return values of grid_verifyChain() to be more instructive
- use istype() macro also in other places.
------------------------------------------------------------------------
r18320 | msalle | 2015-03-19 17:50:38 +0100 (Thu, 19 Mar 2015) | 23 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
- merge OLD_PROXYCERTINFO_OID with identical GLOBUS_PROXY_V3_OID, only use
latter.
- Fully remove GLOBUS_PROXY_V2_OID
- Add support for Any Language policy language, 1.3.6.1.5.5.7.21.0
- Make much more use of flag structure: check type has limited flag instead of
actual comparison for all types.
- New function get_proxy_lang() to get add proxy type from the proxy cert info
extension: can use for both GT3 and RFC. This simplifies
verify_type_of_proxy()
- fix mem leak when pc pathlen was exceeded (issuer dn)
- remove check for proxy CN for RFC and GT3 proxies, as that's already done
elsewhere
- make grid_certificate_type_str() public in the form
verify_certificate_type_str() and rework using macros to make it much cleaner.
- replace grid_generate_proxy_expectation_error_message() into
grid_get_expected_proxy_string() which is also much cleaner, completer (and
perhaps faster).
- rename grid_verifyPathLenConstraints() into grid_verifyChain() to reflect the
actual function
- implement 'caching' for grid_verifyChain, to return X509_V_OK directly if we
previously returned that: no point in checking the entire chain multiple
times.
------------------------------------------------------------------------
r18319 | msalle | 2015-03-18 17:54:52 +0100 (Wed, 18 Mar 2015) | 20 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
- Merge grid_verifyProxy() into grid_verifyPathLenConstraints()
- Fix bug with obtaining proxy pathlen for GT3: have to do by hand, not using
cert->ex_pcpathlen. We implement a generic get_proxy_pathlength() function.
- Use GLOBUS_PROXY_V3_SN and GLOBUS_PROXY_V3_LN for defining the object
- sync the PROXYPOLICY and PROXYCERTINFO with openssl internal
- use the _new and _free function created using the DECLARE_ASN1_FUNCTIONS() and
IMPLEMENT_ASN1_FUNCTIONS() macros
- simplify and cleanup verify_X509_verify()
- replace looping over extension and obtaining right ones by hand using
X509_get_ext_d2i() instead of X509_get_ext(), X509_EXTENSION_get_object(),
OBJ_obj2txt() etc.
- Add comments to _verify_proxy_certinfo.c and use the
IMPLEMENT_ASN1_FUNCTIONS() macros
- only call d2i_myPROXYCERTINFO_v3 for a GT3 proxy, not both with failover.
- fix off-by-one error in myproxycertinfo_i2s()
- Replace bogus cast function into 'log-error-message' function for
myproxycertinfo_s2i()
- Don't check extension GLOBUS_PROXY_V2_OID, it's defined as RFC. There is no
GT2 proxy oid.
------------------------------------------------------------------------
r18318 | msalle | 2015-03-16 17:17:52 +0100 (Mon, 16 Mar 2015) | 7 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Further memory cleanup:
- should call myPROXYCERTINFO_free() on proxy certinfo, hence make it public.
- should call X509_STORE_CTX_free() and X509_STORE_free() also in case of failure.
Use definitions of PROXYPOLICY and PROXYCERTINFO in verify_x509_datatypes.h
(latter extended with version field) for those in _verify_proxy_certinfo.c
------------------------------------------------------------------------
r18317 | msalle | 2015-03-16 14:47:38 +0100 (Mon, 16 Mar 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Fix few memory leaks.
------------------------------------------------------------------------
r18316 | msalle | 2015-03-16 13:27:37 +0100 (Mon, 16 Mar 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.h
Add comments.
------------------------------------------------------------------------
r18315 | msalle | 2015-03-13 15:37:52 +0100 (Fri, 13 Mar 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.c
Some parameters should be const looking at the openSSL prototypes.
------------------------------------------------------------------------
r18314 | msalle | 2015-03-13 15:08:34 +0100 (Fri, 13 Mar 2015) | 7 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
D /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/Makefile
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/Makefile.standalone (from /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/Makefile:18305)
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.c
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_proxy_certinfo.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Fix building of standalone-tool: it needs the GT3 proxy definition:
- copy and slightly adapt the GT3 and RFC proxy cert info definitions and add as
two new files: _verify_proxy_certinfo.[ch]
- also build the binary tool grid-proxy-verify
Fix minor two compiler warnings.
------------------------------------------------------------------------
r18312 | msalle | 2015-03-12 22:23:23 +0100 (Thu, 12 Mar 2015) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Redefine proxy types in terms of basic proxy certinfo type (e.g. GT2, RFC) and
policy language type (e.g. IMPERSONATION, LIMITED).
------------------------------------------------------------------------
r18307 | msalle | 2015-03-12 16:09:31 +0100 (Thu, 12 Mar 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
Next version should be 1.5.7
------------------------------------------------------------------------
r18306 | msalle | 2015-03-12 15:34:25 +0100 (Thu, 12 Mar 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
Update NEWS file and version
------------------------------------------------------------------------
r18305 | msalle | 2015-03-12 15:26:25 +0100 (Thu, 12 Mar 2015) | 13 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Add support and better logging of non-impersonation proxies such as independent
and limited. The old code would wrongly categorize the less standard proxies due
to undefined NIDs. E.g. an unknown policy language (which is a 'restricted
proxy') would be categorized as limited. We now explicitly check that all used
NIDs for the known types are actually defined.
We currently handle independent and restricted proxies almost identical to the
'normal' ones concerning mixed chains: limited may only be followed by limited,
but can follow anything.
For simplicity we do the same for GT3 proxies as for RFC proxies, although it's
unclear whether independent and restricted proxies make any sense for GT3.
We use grid_certificate_type_str() for logging the type, i.e. code reuse.
------------------------------------------------------------------------
r18304 | msalle | 2015-03-11 12:25:35 +0100 (Wed, 11 Mar 2015) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Fix two typos
------------------------------------------------------------------------
r18302 | msalle | 2015-03-11 10:49:16 +0100 (Wed, 11 Mar 2015) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Remove code duplication for pathlength checks.
Also do pathlength checks for GT3 proxies.
------------------------------------------------------------------------
r18301 | msalle | 2015-03-11 10:18:02 +0100 (Wed, 11 Mar 2015) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Add error message in case of verification failure: log depth and DN of failed
certificate in separate error message.
------------------------------------------------------------------------
r18115 | msalle | 2014-12-03 17:56:17 +0100 (Wed, 03 Dec 2014) | 2 lines
Changed paths:
M /trunk/glexec/LICENSE
M /trunk/jobrepository/LICENSE
M /trunk/lcas/LICENSE
M /trunk/lcas-plugins-basic/LICENSE
M /trunk/lcas-plugins-check-executable/LICENSE
M /trunk/lcas-plugins-voms/LICENSE
M /trunk/lcmaps-plugins-afs/LICENSE
M /trunk/lcmaps-plugins-basic/LICENSE
M /trunk/lcmaps-plugins-tracking-groupid/LICENSE
M /trunk/lcmaps-plugins-verify-proxy/LICENSE
M /trunk/lcmaps-plugins-voms/LICENSE
M /trunk/scas/LICENSE
Change to pure Apache 2.0 license
------------------------------------------------------------------------
r17948 | dennisvd | 2014-08-07 18:31:05 +0200 (Thu, 07 Aug 2014) | 2 lines
Changed paths:
M /trunk/glexec/LICENSE
M /trunk/jobrepository/LICENSE
M /trunk/lcas/LICENSE
M /trunk/lcas-plugins-basic/LICENSE
M /trunk/lcas-plugins-check-executable/LICENSE
M /trunk/lcas-plugins-voms/LICENSE
M /trunk/lcmaps-plugins-afs/LICENSE
M /trunk/lcmaps-plugins-basic/LICENSE
M /trunk/lcmaps-plugins-c-pep/LICENSE
M /trunk/lcmaps-plugins-gums/LICENSE
M /trunk/lcmaps-plugins-jobrep/LICENSE
M /trunk/lcmaps-plugins-lcas/LICENSE
M /trunk/lcmaps-plugins-scas-client/LICENSE
M /trunk/lcmaps-plugins-tracking-groupid/LICENSE
M /trunk/lcmaps-plugins-verify-proxy/LICENSE
M /trunk/lcmaps-plugins-voms/LICENSE
M /trunk/scas/LICENSE
Replaced license text with the Apache License 2.0
------------------------------------------------------------------------
r17852 | msalle | 2014-07-08 20:34:10 +0200 (Tue, 08 Jul 2014) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/lcmaps_proxylifetime.c
Fix missing )
------------------------------------------------------------------------
r17851 | msalle | 2014-07-08 19:23:48 +0200 (Tue, 08 Jul 2014) | 3 lines
Changed paths:
M /trunk/ees/src/main/main.c
M /trunk/glexec/src/main_util.c
M /trunk/lcas-lcmaps-gt4-interface/src/llgt_utils.c
M /trunk/lcmaps/src/pluginmanager/lcmaps_log.c
M /trunk/lcmaps-plugins-afs/src/afs/lcmaps_afs.c
M /trunk/lcmaps-plugins-basic/src/ban_dn/lcmaps_ban_dn.c
M /trunk/lcmaps-plugins-basic/src/dummy/lcmaps_dummy_bad.c
M /trunk/lcmaps-plugins-basic/src/dummy/lcmaps_dummy_good.c
M /trunk/lcmaps-plugins-basic/src/gridlist/lcmaps_gridlist.c
M /trunk/lcmaps-plugins-basic/src/ldap_enf/lcmaps_ldap.c
M /trunk/lcmaps-plugins-basic/src/localaccount/lcmaps_localaccount.c
M /trunk/lcmaps-plugins-basic/src/poolaccount/lcmaps_poolaccount.c
M /trunk/lcmaps-plugins-basic/src/posix_enf/lcmaps_posix.c
M /trunk/lcmaps-plugins-c-pep/src/c-pep/lcmaps_c_pep.c
M /trunk/lcmaps-plugins-c-pep/src/c-pep/pep-c-obligation-handlers.c
M /trunk/lcmaps-plugins-c-pep/src/c-pep/pep-c-obligation-handlers_helpers.c
M /trunk/lcmaps-plugins-jobrep/src/api/jobrep_odbc_api.c
M /trunk/lcmaps-plugins-jobrep/src/jobrep/jobrep_data_handling.c
M /trunk/lcmaps-plugins-jobrep/src/jobrep/lcmaps_jobrep.c
M /trunk/lcmaps-plugins-tracking-groupid/src/tracking_groupid/lcmaps_tracking_groupid.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/lcmaps_proxylifetime.c
M /trunk/lcmaps-plugins-voms/src/gridlist/lcmaps_gridlist.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_ban_fqan.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms_localaccount.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms_localgroup.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms_poolaccount.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms_poolgroup.c
M /trunk/scas/src/scas-server/logging/scas_log.c
M /trunk/scas/src/scas-server/main.c
Fix compiler warnings resulting from casts, format etc.
------------------------------------------------------------------------
r17841 | msalle | 2014-07-07 21:41:18 +0200 (Mon, 07 Jul 2014) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Fix format problems
------------------------------------------------------------------------
r17834 | msalle | 2014-07-07 17:53:13 +0200 (Mon, 07 Jul 2014) | 2 lines
Changed paths:
M /trunk/glexec/src/glexec_environ.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_log.h
M /trunk/scas/src/scas-server/logging/scas_log.h
Add format attribute to log-type functions
------------------------------------------------------------------------
r17739 | msalle | 2014-04-11 16:32:51 +0200 (Fri, 11 Apr 2014) | 8 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_log.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
For the EEC as determined in the grid_verifyPathLenConstraints() function, also
print the CA hash, the serial number, the dNSName and rfc822name Subject
Alternative Names, and the certificate policy OIDs.
Simplify the code for the grid_get_serialStr() using the ASN1_INTEGER_to_BN()
and BN_bn2hex() calls.
Do not write Info: etc. in front of the messages in case we're logging via
LCMAPS, use the __func__ prefix instead.
------------------------------------------------------------------------
r17729 | msalle | 2014-04-09 16:14:36 +0200 (Wed, 09 Apr 2014) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
Update version and NEWS file
------------------------------------------------------------------------
r17728 | msalle | 2014-04-09 16:08:07 +0200 (Wed, 09 Apr 2014) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Improve logging to be more concise and at the same time informative both on INFO
and DEBUG level.
------------------------------------------------------------------------
r17718 | msalle | 2014-04-02 09:16:19 +0200 (Wed, 02 Apr 2014) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
Only print ERR_{reason,func,lib}_error_string() when reason is non-zero.
Otherwise print ERR_error_string().
------------------------------------------------------------------------
r17624 | msalle | 2014-03-10 15:39:13 +0100 (Mon, 10 Mar 2014) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-basic/configure.ac
M /trunk/lcmaps-plugins-jobrep/configure.ac
M /trunk/lcmaps-plugins-lcas/configure.ac
M /trunk/lcmaps-plugins-scas-client/configure.ac
M /trunk/lcmaps-plugins-tracking-groupid/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-voms/configure.ac
Fix typo in reverting the CPPFLAGS
------------------------------------------------------------------------
r17611 | msalle | 2014-03-06 11:38:59 +0100 (Thu, 06 Mar 2014) | 4 lines
Changed paths:
A /trunk/lcmaps-plugins-basic/BUGS
M /trunk/lcmaps-plugins-basic/Makefile.am
M /trunk/lcmaps-plugins-c-pep/BUGS
M /trunk/lcmaps-plugins-jobrep/BUGS
M /trunk/lcmaps-plugins-jobrep/Makefile.am
M /trunk/lcmaps-plugins-lcas/Makefile.am
A /trunk/lcmaps-plugins-tracking-groupid/BUGS
M /trunk/lcmaps-plugins-tracking-groupid/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/Makefile.am
Add empty BUGS files for lcmaps-plugins-basic and
lcmaps-plugins-tracking-groupid with basic bug filing information.
Make sure BUGS file is packaged and distributed.
------------------------------------------------------------------------
r17567 | msalle | 2014-02-28 13:37:07 +0100 (Fri, 28 Feb 2014) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/ChangeLog
Update ChangeLog
------------------------------------------------------------------------
r17566 | msalle | 2014-02-28 13:36:44 +0100 (Fri, 28 Feb 2014) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
Update NEWS file
------------------------------------------------------------------------
r17552 | msalle | 2014-02-27 17:41:02 +0100 (Thu, 27 Feb 2014) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-scas-client/src/saml2-xacml2/io_handler/ssl/ssl-common.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/scas/src/saml2-xacml2/io_handler/ssl/ssl-common.c
i2c_ASN1_INTEGER needs a char** and will update it, proper way is via a temp
------------------------------------------------------------------------
r17551 | msalle | 2014-02-27 17:31:58 +0100 (Thu, 27 Feb 2014) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-scas-client/src/saml2-xacml2/io_handler/ssl/ssl-common.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/scas/NEWS
M /trunk/scas/src/saml2-xacml2/io_handler/ssl/ssl-common.c
Bug fix for lcmaps-plugins-verify-proxy: declared the wrong variable static
(pointer to buffer instead of buffer itself).
Syncing with scas-client and SCAS
------------------------------------------------------------------------
r17536 | msalle | 2014-02-27 11:12:15 +0100 (Thu, 27 Feb 2014) | 2 lines
Changed paths:
M /trunk/lcmaps/src/evaluationmanager/pdl.h
M /trunk/lcmaps/src/evaluationmanager/pdl_main.c
M /trunk/lcmaps/src/evaluationmanager/pdl_policy.c
M /trunk/lcmaps/src/evaluationmanager/pdl_rule.h
M /trunk/lcmaps/src/pluginmanager/lcmaps_utils.c
M /trunk/lcmaps-plugins-afs/src/afs/lcmaps_afs.c
M /trunk/lcmaps-plugins-basic/src/gridlist/lcmaps_gridlist.c
M /trunk/lcmaps-plugins-basic/src/ldap_enf/lcmaps_ldap.c
M /trunk/lcmaps-plugins-basic/src/localaccount/lcmaps_localaccount.c
M /trunk/lcmaps-plugins-basic/src/poolaccount/lcmaps_poolaccount.c
M /trunk/lcmaps-plugins-c-pep/src/c-pep/pep-c-interact.c
M /trunk/lcmaps-plugins-c-pep/src/c-pep/pep-c-obligation-handlers.c
M /trunk/lcmaps-plugins-c-pep/src/c-pep/pep-c-obligation-handlers_helpers.c
M /trunk/lcmaps-plugins-jobrep/src/api/jobrep_odbc_api.c
M /trunk/lcmaps-plugins-scas-client/src/saml2-xacml2/io_handler/ssl/ssl-common.c
M /trunk/lcmaps-plugins-scas-client/src/saml2-xacml2/io_handler/xacml_io_ssl.c
M /trunk/lcmaps-plugins-scas-client/src/scas-client/lcmaps_scas_client.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/lcmaps_proxylifetime.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-voms/src/gridlist/lcmaps_gridlist.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms_localaccount.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms_localgroup.c
M /trunk/scas/src/saml2-xacml2/io_handler/ssl/ssl-common.c
M /trunk/scas/src/saml2-xacml2/io_handler/xacml_io_ssl.c
M /trunk/scas/src/saml2-xacml2/server/pdp_xacml_authz_process.c
M /trunk/scas/src/saml2-xacml2/server/pdp_xacml_lcas_lcmaps.c
M /trunk/scas/src/scas-server/logging/scas_log.c
M /trunk/scas/src/scas-server/main.c
Fix GNU/pedantic compiler warnings
------------------------------------------------------------------------
r17529 | msalle | 2014-02-26 16:01:45 +0100 (Wed, 26 Feb 2014) | 7 lines
Changed paths:
M /trunk/glexec/src/glexec_ipc.c
M /trunk/lcmaps/src/evaluationmanager/pdl_rule.c
M /trunk/lcmaps/src/grid_credential_handling/gsi_handling/lcmaps_voms_attributes.c
M /trunk/lcmaps/src/grid_credential_handling/lcmaps_credential.c
M /trunk/lcmaps/src/grid_credential_handling/x509_handling/lcmaps_x509_utils.c
M /trunk/lcmaps/src/lcmaps.c
M /trunk/lcmaps/src/lcmaps_gss_assist_gridmap.c
M /trunk/lcmaps/src/lcmaps_return_account_from_pem.c
M /trunk/lcmaps/src/lcmaps_return_poolindex.c
M /trunk/lcmaps/src/pluginmanager/lcmaps_db_read.c
M /trunk/lcmaps/src/pluginmanager/lcmaps_pluginmanager.c
M /trunk/lcmaps-plugins-basic/src/gridlist/lcmaps_gridlist.c
M /trunk/lcmaps-plugins-basic/src/posix_enf/lcmaps_posix.c
M /trunk/lcmaps-plugins-c-pep/src/c-pep/lcmaps_c_pep.c
M /trunk/lcmaps-plugins-scas-client/interface/pep_obligation_handlers.h
M /trunk/lcmaps-plugins-scas-client/src/saml2-xacml2/client/pep_obligation_handlers.c
M /trunk/lcmaps-plugins-scas-client/src/saml2-xacml2/io_handler/network/net_common.c
M /trunk/lcmaps-plugins-scas-client/src/scas-client/lcmaps_scas_client.c
M /trunk/lcmaps-plugins-tracking-groupid/src/tracking_groupid/lcmaps_tracking_groupid.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-voms/src/gridlist/lcmaps_gridlist.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms_localaccount.c
M /trunk/scas/src/saml2-xacml2/io_handler/network/net_common.c
M /trunk/scas/src/saml2-xacml2/io_handler/ssl/ssl-common.c
M /trunk/scas/src/saml2-xacml2/io_handler/xacml_io_ssl.c
Fix numerous small warnings:
- break; after a return; is unreachable
- unused macros
Change back signature of the scas obligation handlers to be compatible with the
type in the XACML library.
Sync SCAS with lcmaps-plugins-scas-client
------------------------------------------------------------------------
r17526 | msalle | 2014-02-26 14:36:18 +0100 (Wed, 26 Feb 2014) | 9 lines
Changed paths:
M /trunk/lcmaps-plugins-afs/src/afs/lcmaps_afs.c
M /trunk/lcmaps-plugins-scas-client/interface/pep_obligation_handlers.h
M /trunk/lcmaps-plugins-scas-client/src/saml2-xacml2/client/pep_obligation_handlers.c
M /trunk/lcmaps-plugins-scas-client/src/saml2-xacml2/io_handler/ssl/ssl-common.c
M /trunk/lcmaps-plugins-scas-client/src/scas-client/lcmaps_scas_client.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
Fix parsing of cmdline args in lcmaps_afs
Fix use of proxy_type_t (when |-ing them they go outside the enum) in
lcmaps-plugins-verify-proxy
Fix use of global variable in lcmaps-plugins-scas-client
Fix (hopefully) casting of char** to const char**: define them
(const char*) const x[] in function and cast the char** explicitly to
a (const char)**
------------------------------------------------------------------------
r17521 | msalle | 2014-02-26 12:24:08 +0100 (Wed, 26 Feb 2014) | 38 lines
Changed paths:
M /trunk/cgul/environ/environ.c
M /trunk/cgul/fileutil/fileutil.c
M /trunk/lcmaps-plugins-afs/src/afs/lcmaps_afs.c
M /trunk/lcmaps-plugins-c-pep/src/c-pep/lcmaps_c_pep.c
M /trunk/lcmaps-plugins-c-pep/src/c-pep/pep-c-interact.c
M /trunk/lcmaps-plugins-c-pep/src/c-pep/pep-c-interact.h
M /trunk/lcmaps-plugins-c-pep/src/c-pep/pep-c-obligation-handlers.c
M /trunk/lcmaps-plugins-jobrep/src/api/jobrep_odbc_api.c
M /trunk/lcmaps-plugins-jobrep/src/jobrep/jobrep_data_handling.c
M /trunk/lcmaps-plugins-scas-client/interface/pep_obligation_handlers.h
M /trunk/lcmaps-plugins-scas-client/src/saml2-xacml2/client/pep_obligation_handlers.c
M /trunk/lcmaps-plugins-scas-client/src/saml2-xacml2/io_handler/network/net_common.c
M /trunk/lcmaps-plugins-scas-client/src/saml2-xacml2/io_handler/ssl/ssl-common.c
M /trunk/lcmaps-plugins-scas-client/src/scas-client/lcmaps_scas_client.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms_localaccount.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms_poolaccount.c
Fix clang compiler warnings, in particular uninitialized variables and char*
const char* inconsistencies:
cgul:
- fix harmless uninitialized vars warnings: we checked with a flag in any case
all plugins:
- char * -> const char * for functions where possible and for char* used only as
literals.
c-pep:
- treat pep_error_t properly
- use a strdup for the oh.id since we cannot guarantee they are constant
pepc_initialize() returns number of oh-s so that we can properly clean all
of them.
pepc_initialize() also makes sure that oh is properly initialized and that the
right variable is free-ed (it should have been *oh in the old version, not oh
itself).
- do not log that addCredentialData() failed as we don't call it.
jobrep:
- define a variable emptyname instead of using the string literal. Note that
getgrname also reuses the same buffer...
scas-client:
- getnameinfo() is wrongly described in (my) Linux manpage to use a size_t
hostlen which not only in POSIX is nowadays a socklen_t nodelen, but also in
the actual Linux header file /usr/include/netdb.h, at least since
glibc-2.1.91.
- define variable name in order to call X509_PURPOSE_get_by_sname() with a
char*. The OpenSSL implementation (anything since its introduction in OpenSSL
0.9.5) only uses it in a strcmp so it could have been a const char *, but we
don't rely on the implementation.
verify-proxy:
- treat verify_x509_error_t properly
- remove useless statement nfqan = nfqan
------------------------------------------------------------------------
r17517 | msalle | 2014-02-25 16:58:59 +0100 (Tue, 25 Feb 2014) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-afs/src/afs/lcmaps_afs.c
M /trunk/lcmaps-plugins-basic/src/ban_dn/lcmaps_ban_dn.c
M /trunk/lcmaps-plugins-basic/src/localaccount/lcmaps_localaccount.c
M /trunk/lcmaps-plugins-c-pep/src/c-pep/lcmaps_c_pep.c
M /trunk/lcmaps-plugins-jobrep/src/jobrep/lcmaps_jobrep.c
M /trunk/lcmaps-plugins-lcas/src/lcas/lcmaps_lcas.c
M /trunk/lcmaps-plugins-scas-client/src/saml2-xacml2/client/pep_obligation_handlers.c
M /trunk/lcmaps-plugins-scas-client/src/scas-client/lcmaps_scas_client.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_ban_fqan.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms_localaccount.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms_localgroup.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms_poolaccount.c
M /trunk/lcmaps-plugins-voms/src/voms/lcmaps_voms_poolgroup.c
Fix remaining logstr.
------------------------------------------------------------------------
r17514 | msalle | 2014-02-25 16:38:20 +0100 (Tue, 25 Feb 2014) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-c-pep/src/c-pep/lcmaps_c_pep.c
M /trunk/lcmaps-plugins-c-pep/src/c-pep/pep-c-interact.c
M /trunk/lcmaps-plugins-lcas/src/lcas/lcmaps_lcas.c
M /trunk/lcmaps-plugins-scas-client/src/saml2-xacml2/client/pep_obligation_handlers.c
M /trunk/lcmaps-plugins-scas-client/src/scas-client/lcmaps_scas_client.c
M /trunk/lcmaps-plugins-tracking-groupid/src/tracking_groupid/lcmaps_tracking_groupid.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/scas/src/saml2-xacml2/server/pdp_xacml_authz_process.c
M /trunk/scas/src/saml2-xacml2/server/pdp_xacml_lcas_lcmaps.c
M /trunk/scas/src/scas-server/main.c
String constant logstr should be declared const char *
------------------------------------------------------------------------
r17497 | msalle | 2014-02-24 22:28:52 +0100 (Mon, 24 Feb 2014) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Make proxy-cert pathlen checks dependent on OpenSSL version: they don't exist
pre-0.9.8
------------------------------------------------------------------------
r17480 | msalle | 2014-02-21 15:04:47 +0100 (Fri, 21 Feb 2014) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-scas-client/NEWS
M /trunk/lcmaps-plugins-scas-client/doc/man/lcmaps_plugins_scas_client.8.src
M /trunk/lcmaps-plugins-scas-client/src/scas-client/lcmaps_scas_client.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Add support for X509_CERT_DIR into lcmaps-plugins-scas-client: it used to
fallback directly to /etc/grid-security/certificates, now - when no -capath is
given - look first at X509_CERT_DIR. Update manpage and NEWS file.
------------------------------------------------------------------------
r17479 | msalle | 2014-02-21 14:52:41 +0100 (Fri, 21 Feb 2014) | 7 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/doc/lcmaps_verify_proxy.mod.8
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Add better support for (default) CA certificate directory: can now also specify
-capath (or --capath). When unset as commandline arg, look at $X509_CERT_DIR
(e.g. from gLExec and/or LCMAPS) or ultimately at
/etc/grid-security/certificates.
Updating version, NEWS file and manpage
------------------------------------------------------------------------
r17405 | msalle | 2014-02-11 10:32:14 +0100 (Tue, 11 Feb 2014) | 3 lines
Changed paths:
M /trunk/ees/bootstrap
M /trunk/glexec/bootstrap
M /trunk/lcas/bootstrap
M /trunk/lcas-lcmaps-gt4-interface/bootstrap
M /trunk/lcas-plugins-basic/bootstrap
M /trunk/lcas-plugins-check-executable/bootstrap
M /trunk/lcas-plugins-voms/bootstrap
M /trunk/lcmaps/bootstrap
M /trunk/lcmaps-plugins-afs/bootstrap
M /trunk/lcmaps-plugins-basic/bootstrap
M /trunk/lcmaps-plugins-c-pep/bootstrap
M /trunk/lcmaps-plugins-jobrep/bootstrap
M /trunk/lcmaps-plugins-lcas/bootstrap
M /trunk/lcmaps-plugins-scas-client/bootstrap
M /trunk/lcmaps-plugins-tracking-groupid/bootstrap
M /trunk/lcmaps-plugins-verify-proxy/bootstrap
M /trunk/lcmaps-plugins-voms/bootstrap
M /trunk/scas/bootstrap
Add --force to autoheader: we do not provide our own headerfile template, so we
want want to get that from autoheader.
------------------------------------------------------------------------
r17403 | msalle | 2014-02-10 11:56:07 +0100 (Mon, 10 Feb 2014) | 2 lines
Changed paths:
M /trunk/ees/bootstrap
M /trunk/glexec/bootstrap
M /trunk/lcas/bootstrap
M /trunk/lcas-lcmaps-gt4-interface/bootstrap
M /trunk/lcas-plugins-basic/bootstrap
M /trunk/lcas-plugins-check-executable/bootstrap
M /trunk/lcas-plugins-voms/bootstrap
M /trunk/lcmaps/bootstrap
M /trunk/lcmaps-plugins-afs/bootstrap
M /trunk/lcmaps-plugins-basic/bootstrap
M /trunk/lcmaps-plugins-c-pep/bootstrap
M /trunk/lcmaps-plugins-jobrep/bootstrap
M /trunk/lcmaps-plugins-lcas/bootstrap
M /trunk/lcmaps-plugins-scas-client/bootstrap
M /trunk/lcmaps-plugins-tracking-groupid/bootstrap
M /trunk/lcmaps-plugins-verify-proxy/bootstrap
M /trunk/lcmaps-plugins-voms/bootstrap
M /trunk/saml2-xacml2-c-lib/xacml/bootstrap
M /trunk/scas/bootstrap
Update bootstrap scripts: should run libtoolize before aclocal
------------------------------------------------------------------------
r17356 | msalle | 2014-02-06 17:11:01 +0100 (Thu, 06 Feb 2014) | 2 lines
Changed paths:
M /trunk/glexec/ChangeLog
M /trunk/lcmaps/ChangeLog
M /trunk/lcmaps-plugins-afs/ChangeLog
M /trunk/lcmaps-plugins-basic/ChangeLog
M /trunk/lcmaps-plugins-c-pep/ChangeLog
M /trunk/lcmaps-plugins-jobrep/ChangeLog
M /trunk/lcmaps-plugins-lcas/ChangeLog
M /trunk/lcmaps-plugins-scas-client/ChangeLog
M /trunk/lcmaps-plugins-tracking-groupid/ChangeLog
M /trunk/lcmaps-plugins-verify-proxy/ChangeLog
M /trunk/lcmaps-plugins-voms/ChangeLog
M /trunk/scas/ChangeLog
Update ChangeLog files. We are (hopefully) ready to release.
------------------------------------------------------------------------
r17294 | msalle | 2014-01-16 16:19:34 +0100 (Thu, 16 Jan 2014) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
Fix typo: LOG_NOTICE should have been LOG_DEBUG
------------------------------------------------------------------------
r17293 | msalle | 2014-01-16 10:47:59 +0100 (Thu, 16 Jan 2014) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
Update NEWS file
------------------------------------------------------------------------
r17292 | msalle | 2014-01-16 10:47:01 +0100 (Thu, 16 Jan 2014) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_log.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Log info messages from verify lib to LOG_INFO instead of LOG_DEBUG.
Log reason (on LOG_INFO) for ignored verification errors such as missing CRL.
------------------------------------------------------------------------
r17274 | msalle | 2014-01-07 15:53:34 +0100 (Tue, 07 Jan 2014) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Add missing pkey definition.
------------------------------------------------------------------------
r17273 | msalle | 2014-01-07 15:50:46 +0100 (Tue, 07 Jan 2014) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Update with latest from Jan Just's grid-proxy-verify.c, warning when keylength
is less than 1024 bits.
------------------------------------------------------------------------
r17267 | msalle | 2013-12-20 13:45:34 +0100 (Fri, 20 Dec 2013) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Bugfix: when we run alternative RFC5280 and RFC3820 compliance tests for the
pathlen (i.e. when a X509_V_ERR_PATH_LENGTH_EXCEEDED or
X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED has occurred, and the alternative test
succeeds, we need to set ok to 1.
------------------------------------------------------------------------
r17263 | msalle | 2013-12-19 14:09:14 +0100 (Thu, 19 Dec 2013) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Add comment to clarify
------------------------------------------------------------------------
r17235 | msalle | 2013-12-11 14:57:22 +0100 (Wed, 11 Dec 2013) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
Move variable declaration to top (needed for the const int )
------------------------------------------------------------------------
r17230 | msalle | 2013-12-11 12:42:12 +0100 (Wed, 11 Dec 2013) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/lcmaps_proxylifetime.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_log.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Cast numerical constants to right type
------------------------------------------------------------------------
r17228 | msalle | 2013-12-11 11:19:16 +0100 (Wed, 11 Dec 2013) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-afs/configure.ac
M /trunk/lcmaps-plugins-basic/configure.ac
M /trunk/lcmaps-plugins-c-pep/configure.ac
M /trunk/lcmaps-plugins-jobrep/configure.ac
M /trunk/lcmaps-plugins-scas-client/configure.ac
M /trunk/lcmaps-plugins-tracking-groupid/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-voms/configure.ac
Update configure.ac to use the just determined LCMAPS_CFLAGS for checking for
lcmaps_plugin_prototypes.h
------------------------------------------------------------------------
r17224 | msalle | 2013-12-10 17:39:25 +0100 (Tue, 10 Dec 2013) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c
Replace index name by myindex to prevent shadowing global.
------------------------------------------------------------------------
r17184 | msalle | 2013-11-29 11:13:23 +0100 (Fri, 29 Nov 2013) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
Update NEWS file
------------------------------------------------------------------------
r17179 | msalle | 2013-11-28 16:17:32 +0100 (Thu, 28 Nov 2013) | 110 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
D /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/grid-proxy-verify.c
D /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/grid-proxy-verify.h
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_plugin_prototypes.h (from /trunk/lcmaps-plugins-voms/src/voms/lcmaps_plugin_prototypes.h:17163)
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/lcmaps_proxylifetime.c (from /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.c:17163)
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/lcmaps_proxylifetime.h (from /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.h:17163)
D /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.c
D /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/Makefile
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509_utils.c (from /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/verify_x509_utils.c:17163)
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_log.c (from /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.c:17163)
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_log.h (from /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.h:17163)
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
D /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.c
D /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.h
D /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/verify_x509_utils.c
A /trunk/lcmaps-plugins-verify-proxy/util
A /trunk/lcmaps-plugins-verify-proxy/util/grid-proxy-verify.c (from /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/grid-proxy-verify.c:17163)
A /trunk/lcmaps-plugins-verify-proxy/util/grid-proxy-verify.h (from /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/grid-proxy-verify.h:17163)
General cleanup of the code, few minor bugfixes, cleanup of compiler warnings.
- move grid-proxy-verify.? out of src tree into new util/ dir
- add support for lcmaps_plugin_prototypes.h when available, or use local one
otherwise
- rename verify-lib/src_internal/log.? into _verify_log.?
- move src_internal/verify_x509_utils.c to src/
- much more comments in code
- cleanup configure.ac:
* remove unused or obsolete tests
* add test for lcmaps plugin prototypes
* enable ENABLE_LCMAPS_LOGGING here instead of always and in the .c file
* update version to 1.5.5
- cleanup src/verify-proxy/Makefile.am:
* should not link to libssl and libcrypto already comes from the test in
configure.ac
* move some from the EXTRA_DIST to _SOURCES as they are actually used
- src/verify-proxy/lcmaps_verify_proxy.c
* removal plugin prototypes (moved to header file)
* update list of #include files
* move #define to top here since it's only used here
* atoi -> strtol
* remove restriction to set at most 9 TTL levels
* update logging of TTLs
* fix logging of TTL at wrong place (before it's determined).
* treat the error/reason codes consistently (see ERR_get_error() and
friends), see also in other files.
* flush and log OpenSSL error queue at the end (in case of failure)
* move static function to end
- src/verify-proxy/proxylifetime/lcmaps_proxylifetime.c and
src/verify-proxy/proxylifetime/lcmaps_proxylifetime.h
* renamed from proxylifetime.?
* functions are properly prefixed with lcmaps_lifetime_
* update list of headers
* bugfix: definition of timeIsInBetween: it returned either 1 or 2, changed
into 1 or 0, so that the test if (time...) actually works
* check (more) return values for errors, including from malloc/calloc.
* generally clean up code
- src/verify-proxy/verify-lib/Makefile
* remove ansi and pedantic flags, replace with Wextra and Wconversion
- src/verify-proxy/verify-lib/main.c
* cleanup #include headers
* handle difference between reasons and err-s.
* dump error queue at end
* return 1 on param failure, 2 on verification failure
- src/verify-proxy/verify-lib/src_internal/_verify_log.c
src/verify-proxy/verify-lib/src_internal/_verify_log.h
* renamed from log.?
* cleanup #include
* rename function to start with verify_
* only define log_level related code in non-LCMAPS
* include lcmaps header when in LCMAPS mode
* move VERIFY_LOG_BUFFER_SIZE #define to .c file.
* define log_level as static
* bugfix: code did not compile in non-LCMAPS mode due to extra bogus
vsprintf
* properly check return value of vsnprintf
- src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
* cleanup list of #include
* remove (uninteresting) unused #define
* change VERIFY_X509_* #defines into enum verify_x509_option_t
* change ERR_VERIFY_X509_PARAMS_* #defines into part of enum
verify_x509_error_t with renaming into VER_R_X509_PARAMS_ (they are
'reasons')
* Add new reasons to verify_x509_error_t
* change some types, e.g. short-s cannot be passed into a ... (va_arg) and
will become int in any case
* reorder #define for clarity
- src/verify-proxy/verify-lib/interface/verify_x509.h
src/verify-proxy/verify-lib/src/verify_x509.c
src/verify-proxy/verify-lib/src/verify_x509_utils.c
* verify_x509_utils.c is moved from src_internal to src, since it contains
public fcies.
* public prototypes for both .c are in same verify_x509.h (utils are moved
from _verify_x509.h)
* rename lcmaps_type_of_proxy() into verify_type_of_proxy()
* different versions of asn1TimeToTimeT() are merged into
verify_asn1TimeToTimeT() in _utils.c
* cleanup list of #include
* properly treat OpenSSL reasons and errors (int and long unsigned) and
implement our own extensions via ERR_load_strings etc.:
- errors are pushed onto the error stack and printed at the end of the
run.
- verify_X509_init calls verify_init_library()
- verify_X509_setParameter() returns verify_x509_error_t, not an int
- verify_X509_verify() returns ERR_peek_error() or likewise from our
library
- process_internal_verify_data returns ERR_peek_error() or likewise from
our library
* process_internal_verify_data becomes static
- src/verify-proxy/verify-lib/src_internal/_verify_x509.h
* add verify_func_t enum with function constants, used by the error
handling.
* add macros VERIFY_errval() and VERIFY_reasonval() which push the error on
the stack and return the (long unsigned) error or (int) reason.
* cleanup list of #include
* only declare functions that are used outside _verify_x509.c
- src/verify-proxy/verify-lib/src_internal/_verify_x509.c
* many functions become static as they are only used internally
* new functions verify_errval() and verify_reasonval() which are called by
the new macros VERIFY_errval() and VERIFY_reasonval() (see above) and call
ERR_put_error().
* new function verify_init_library which initialized our library extensions
and loads the corresponding error and function strings.
* public (non-static) function start with verify_, static with grid_
* consistently and correctly treat the return values of all the functions,
do not mix int and long unsigned.
* remove dead functions and code
------------------------------------------------------------------------
r17163 | msalle | 2013-11-15 14:19:46 +0100 (Fri, 15 Nov 2013) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
Fix some implicit casts and a missing prototype
------------------------------------------------------------------------
r16767 | msalle | 2012-11-08 15:54:59 +0100 (Thu, 08 Nov 2012) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/Makefile.am
Adding BUGS to doc_data and hence distribute and install it as doc
------------------------------------------------------------------------
r16738 | dennisvd | 2012-11-01 12:08:58 +0100 (Thu, 01 Nov 2012) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.c
fixed typo: Succesfully -> Successfully (3x) (Thanks to lintian)
------------------------------------------------------------------------
r16737 | dennisvd | 2012-11-01 12:07:35 +0100 (Thu, 01 Nov 2012) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
fixed typo: explict -> explicit (Thanks to lintian)
------------------------------------------------------------------------
r16707 | okoeroo | 2012-10-31 01:04:23 +0100 (Wed, 31 Oct 2012) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/ChangeLog
ChangeLog file update
------------------------------------------------------------------------
r16706 | okoeroo | 2012-10-31 01:02:10 +0100 (Wed, 31 Oct 2012) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/doc/lcmaps_verify_proxy.mod.8
Additions to the man page
------------------------------------------------------------------------
r16705 | okoeroo | 2012-10-31 00:57:43 +0100 (Wed, 31 Oct 2012) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/doc/lcmaps_verify_proxy.mod.8
Updated the man page
------------------------------------------------------------------------
r16704 | okoeroo | 2012-10-30 16:22:55 +0100 (Tue, 30 Oct 2012) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/BUGS
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Fixed a bug in the proxy sanity checking and enabled USE_STRICT_PATH_VALIDATION.
------------------------------------------------------------------------
r16657 | okoeroo | 2012-10-26 17:18:20 +0200 (Fri, 26 Oct 2012) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
Cleaned up code segments, removed debug code, added function prototypes, debugged and fixed the Limited proxy restriction and added GT3 Limited proxy to the test list. Removed a lot of duplicate code where the certificate chain expectations are tested and error reported. This is now a lot more readable and the error output doesnt mix the chain validation code.
------------------------------------------------------------------------
r16646 | okoeroo | 2012-10-26 15:42:32 +0200 (Fri, 26 Oct 2012) | 10 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/BUGS
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/verify_x509_utils.c
Version 1.5.4
-------------
- Added the option --disallow-limited-proxy on request by Igor Sfiligoi to be
able to disallow limited proxies.
- Added full support for RFC and GT3 proxies. Properly detecting the proxy
types, including limited proxies is now fully supported. RESTRICTED and
INDEPENDENT in (pre-)RFC proxies WILL be treated as an IMPERSONATION proxy
type, which is the default.
------------------------------------------------------------------------
r16545 | okoeroo | 2012-10-15 22:33:40 +0200 (Mon, 15 Oct 2012) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
Replacing false OSPF statements with OCSP statements. Implementing the option --disallow-limited-proxy.
------------------------------------------------------------------------
r16544 | okoeroo | 2012-10-15 22:31:17 +0200 (Mon, 15 Oct 2012) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
Replacing false OSPF statements with OCSP statements. Implementing the option --disallow-limited-proxy.
------------------------------------------------------------------------
r16417 | okoeroo | 2012-06-18 12:23:10 +0200 (Mon, 18 Jun 2012) | 12 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/BUGS
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
The first delegation can now be a GT2/old-style Limited proxy.
Note:
The proxy certificate semantic checks do support the complete semantics for CA,
EEC, old-style proxy, RFC3820 proxy, old-style limited proxy and RFC3820
Limited proxy certificate types.
BUT! The RFC3820 proxy types are not yet distinguishable. So all RFC3820 type
certificate are all tagged as type 'normal'
------------------------------------------------------------------------
r16416 | okoeroo | 2012-06-16 01:52:42 +0200 (Sat, 16 Jun 2012) | 25 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Version 1.5.3
-------------
- Brain Bockelman reported a verification failure when a certificate chain
contains at least two limited proxies. This version exclusively fixes this
problem.
- The add-on verification routines to semantically check the certificate
chain was not launched when the X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED error
was set. Only OpenSSL versions older then 0.9.8 would have this #ifdef
enable.
- OpenSSL casts an X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED where it doesn't
make sense as the test used a non-RFC3820 proxy. OpenSSL is not capable of
extracting a path length constraint out of non-RFC proxy. OpenSSL also
tagged all certificates in the chain to be showing the
X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED error. The add-on evaluator performs
a proper check to compensate.
- The add-on verification routines did not take limited proxies into account.
This mistake was gracefully neglected, because proxy chains with only one
Limited proxy at the end was perfectly tolerated. A double limited proxy or
proxy certificate chain with at least two (or more) Limited proxy
delegations of the RFC3820 and old-style proxy type would fail the
verification with the previously mentioned anomalies.
------------------------------------------------------------------------
r16156 | msalle | 2012-03-15 16:46:09 +0100 (Thu, 15 Mar 2012) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.c
Remove \t from log strings..
------------------------------------------------------------------------
r16087 | okoeroo | 2012-03-04 19:07:28 +0100 (Sun, 04 Mar 2012) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/ChangeLog
M /trunk/lcmaps-plugins-verify-proxy/NEWS
Updated the ChangeLog file on SVN and updated the NEWS file.
------------------------------------------------------------------------
r15906 | okoeroo | 2012-01-30 14:12:50 +0100 (Mon, 30 Jan 2012) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/ChangeLog
Updated the ChangeLog from svn log -v
------------------------------------------------------------------------
r15890 | okoeroo | 2012-01-27 17:15:26 +0100 (Fri, 27 Jan 2012) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Removed debugging messages.
------------------------------------------------------------------------
r15855 | okoeroo | 2012-01-18 19:28:33 +0100 (Wed, 18 Jan 2012) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
Bumped version.
------------------------------------------------------------------------
r15853 | okoeroo | 2012-01-17 20:04:36 +0100 (Tue, 17 Jan 2012) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/grid-proxy-verify.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/verify_x509_utils.c
Renewed LCMAPS verify-proxy plug-in. Now with better internal memory handling.
------------------------------------------------------------------------
r15834 | msalle | 2012-01-09 16:00:06 +0100 (Mon, 09 Jan 2012) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Add further clarifications about why the X509_STORE_* functions should not be
called.
------------------------------------------------------------------------
r15833 | msalle | 2012-01-09 15:06:31 +0100 (Mon, 09 Jan 2012) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Fixing invalid read. It seems we initialized the CA dirs twice. Once with
X509_STORE_load_locations and once with X509_LOOKUP_add_dir.
------------------------------------------------------------------------
r15832 | msalle | 2012-01-09 14:14:44 +0100 (Mon, 09 Jan 2012) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/verify_x509_utils.c
Cleanup evp_pkey and initialize entire struct tm to zero.
------------------------------------------------------------------------
r15680 | okoeroo | 2011-12-10 21:14:46 +0100 (Sat, 10 Dec 2011) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/doc/lcmaps_verify_proxy.mod.8
Tiny tweaks.
------------------------------------------------------------------------
r15679 | okoeroo | 2011-12-09 23:10:24 +0100 (Fri, 09 Dec 2011) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/doc/lcmaps_verify_proxy.mod.8
Typo
------------------------------------------------------------------------
r15678 | okoeroo | 2011-12-09 23:07:47 +0100 (Fri, 09 Dec 2011) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/doc/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/doc/lcmaps_verify_proxy.mod.8
Fixing make/build and install stuff. Also fixed some formating in the man page
file lcmaps_verify_proxy.mod.8
------------------------------------------------------------------------
r15677 | okoeroo | 2011-12-09 22:16:18 +0100 (Fri, 09 Dec 2011) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/Makefile.am
A /trunk/lcmaps-plugins-verify-proxy/doc
A /trunk/lcmaps-plugins-verify-proxy/doc/Makefile.am
A /trunk/lcmaps-plugins-verify-proxy/doc/lcmaps_verify_proxy.mod.8
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/grid-proxy-verify.c
Added man page for lcmaps_verify_proxy.mod.8
------------------------------------------------------------------------
r15676 | okoeroo | 2011-12-09 15:20:14 +0100 (Fri, 09 Dec 2011) | 33 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/BUGS
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
New feature to be able to REQUIRE the final certificate in a chain to be a
LIMITED proxy. Enable the option "--require-limited-proxy" to enforce this.
This version DOES NOT WORK with RFC3820 limited proxy. This will be added in an
update.
Updated NEWS file:
Version 1.5.0
-------------
- Changing the log messages to match the logging method used in LCMAPS
version 1.5.0, which will be using the Syslog native log priority/levels.
- The plugin will fail to initialize when the configured -cadir or -certdir
directory does not exist. This was a run-time error.
- Fixed the ability to use the plugin for life-time checking from a GT4 or
GT5 service. The requirement for a private key MUST be explicitly disabled
with either the configuration of "--only-enforce-lifetime-checks" or
"--discard_private_key_absence". The internally used environment variable
$VERIFY_PROXY_DISCARD_PRIVATE_KEY_ABSENCE is equivalent to the setting of
"--discard_private_key_absence". The environment variable can be
countered/muted by "--never_discard_private_key_absence".
- New feature to be able to REQUIRE the final certificate in a chain to be a
LIMITED proxy. Enable the option "--require-limited-proxy" to enforce
this.
This version DOES NOT WORK with RFC3820 limited proxy. This will be added
in an update.
------------------------------------------------------------------------
r15653 | okoeroo | 2011-11-30 21:16:57 +0100 (Wed, 30 Nov 2011) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Removed datetime creation and destruction, without use.
------------------------------------------------------------------------
r15629 | okoeroo | 2011-11-24 13:07:42 +0100 (Thu, 24 Nov 2011) | 10 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
- Fixed the ability to use the plugin for life-time checking from a GT4 or
GT5 service. The requirement for a private key MUST be explicitly disabled
with either the configuration of "--only-enforce-lifetime-checks" or
"--discard_private_key_absence". The internally used environment variable
$VERIFY_PROXY_DISCARD_PRIVATE_KEY_ABSENCE is equivalent to the setting of
"--discard_private_key_absence". The environment variable can be
countered/muted by "--never_discard_private_key_absence".
------------------------------------------------------------------------
r15628 | msalle | 2011-11-24 13:03:32 +0100 (Thu, 24 Nov 2011) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-afs/configure.ac
M /trunk/lcmaps-plugins-afs/src/afs/Makefile.am
M /trunk/lcmaps-plugins-c-pep/configure.ac
M /trunk/lcmaps-plugins-c-pep/doc/man/lcmaps-plugins-c-pep.8.src
M /trunk/lcmaps-plugins-c-pep/doc/man/sed.template.in
M /trunk/lcmaps-plugins-c-pep/src/c-pep/Makefile.am
M /trunk/lcmaps-plugins-gums/configure.ac
M /trunk/lcmaps-plugins-gums/src/gums/Makefile.am
M /trunk/lcmaps-plugins-jobrep/configure.ac
M /trunk/lcmaps-plugins-jobrep/src/jobrep/Makefile.am
M /trunk/lcmaps-plugins-scas-client/configure.ac
M /trunk/lcmaps-plugins-scas-client/doc/man/lcmaps_plugins_scas_client.8.src
M /trunk/lcmaps-plugins-scas-client/doc/man/sed.template.in
M /trunk/lcmaps-plugins-scas-client/src/Makefile.am
M /trunk/lcmaps-plugins-tracking-groupid/configure.ac
M /trunk/lcmaps-plugins-tracking-groupid/src/tracking_groupid/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-voms/configure.ac
M /trunk/lcmaps-plugins-voms/src/voms/Makefile.am
Determine dynamic library extension in configure and use that for creating
.mod symlinks.
------------------------------------------------------------------------
r15535 | okoeroo | 2011-11-08 10:57:27 +0100 (Tue, 08 Nov 2011) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
The plugin will fail to initialize when the configured -cadir or -certdir
directory does not exist. This was a run-time error.
------------------------------------------------------------------------
r15532 | okoeroo | 2011-11-07 22:36:21 +0100 (Mon, 07 Nov 2011) | 6 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.c
Version 1.5.0:
- Changing the log messages to match the logging method used in LCMAPS
version 1.5.0, which will be using the Syslog native log priority/levels.
------------------------------------------------------------------------
r15437 | msalle | 2011-08-15 17:32:33 +0200 (Mon, 15 Aug 2011) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.h
Use AC_LCMAPS_INTERFACE([basic])
Rename lcmaps_config.h into lcmaps_verify_proxy_config.h
------------------------------------------------------------------------
r15385 | okoeroo | 2011-08-02 14:17:16 +0200 (Tue, 02 Aug 2011) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/ChangeLog
Adding.
------------------------------------------------------------------------
r15384 | okoeroo | 2011-08-02 13:38:33 +0200 (Tue, 02 Aug 2011) | 25 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Version 1.4.12 - Try number two
-------------------------------
The new certificate type detection function makes it possible to detect the
proxy certificate type more cleanly and now properly distinghuishes RFC 3820
and old-style certificates reliable. A wrongly constructed chain is a rare
occurance, but is now properly detected and will result in an
X509_V_ERR_CERT_REJECTED or "certificate rejected" error code.
The certificate rejection is only triggered when the following #define is
enabled: USE_STRICT_PATH_VALIDATION. Without it, the condition will be treated
as a warning only seen on a verbose loglevel.
Also, the grid_verifyPathLenConstraints() function is now called when the
X509_verify() reaches the final certificate in the chain in its verification
cycle. This will dysect the certificate chain properly and trigger on the right
errors.
A bunch of useless debugging messages are no longer visable in the log file.
They can be revived when you upgrade the loglevel for more verbosity.
------------------------------------------------------------------------
r15383 | okoeroo | 2011-08-02 10:51:10 +0200 (Tue, 02 Aug 2011) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Minor logging output tweak.
------------------------------------------------------------------------
r15382 | okoeroo | 2011-08-01 20:19:49 +0200 (Mon, 01 Aug 2011) | 16 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/BUGS
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Version 1.4.12
--------------
The new certificate type detection function makes it possible to detect the
proxy certificate type more cleanly and now properly distinghuishes RFC 3820
and old-style certificates reliable. A wrongly constructed chain is a rare
occurance, but is now properly detected and will result in an
X509_V_ERR_CERT_REJECTED or "certificate rejected" error code.
Also, the grid_verifyPathLenConstraints() function is now called when the
X509_verify() reaches the final certificate in the chain in its verification
cycle. This will dysect the certificate chain properly and trigger on the right
errors.
------------------------------------------------------------------------
r15370 | okoeroo | 2011-07-21 14:20:00 +0200 (Thu, 21 Jul 2011) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/BUGS
M /trunk/lcmaps-plugins-verify-proxy/ChangeLog
M /trunk/lcmaps-plugins-verify-proxy/NEWS
A /trunk/lcmaps-plugins-verify-proxy/README
Preparing release for 1.4.11
------------------------------------------------------------------------
r15369 | okoeroo | 2011-07-21 12:37:11 +0200 (Thu, 21 Jul 2011) | 59 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
In short (inspired by the game Cluedo):
CREAM did it, using bugs in path length constraints, in OpenSSL/Globus
And now the slightly more elaborate explanation about the problem, how we analyzed it, interpreted the information and implemented a reliable workaround. It also shows that the CREAM CE itself is not directly the cause, but a trigger of the bug. This problem can occur in a lot of other places too and is a pain to analyse. One added motivation on why its such a pain to analyse is that I'm seeing known effects and problems occur along the analyses steering me in mildly the right direction, while I'm already mind-programming a workaround.
Reproducing the problem was hard:
The effects observed by users is a failure in job submission to any gLite 3.2 CREAM CE, when its submitted through a WMS. Probably also on all EMI-1 CREAM CE too. The error message returned from the CREAM CE indicates a failure in gLExec's LCMAPS plugin that verifies a proxy certificate chain.
Prerequisites (all of this must be true aka logical AND) to trigger the faulty situation:
- Use the Terena eScience Personal TCS, which has a pathlen = 0 set on the final CA.
- Use old style proxies (GT2), note: they don't feature a path length constraint field.
- Use a CREAM CE on gLite 3.2 (uses Globus GT4 from VDT)
- Access the CREAM CE through a WMS to use sufficient delegations or MyProxy
Change any of the above parameters and it will work. Meaning, the problem did NOT occure when the following was used:
- Direct job submission (only ONE proxy delegation may be used)
- Direct gLExec test on the shell, which just works.
Unverified situations:
- The effects when using RFC 3820 proxies
- Using EMI-1's CREAM CE
Hypothesis:
Tests have shown that the certificate chain is constructed properly. The hypothesis is that the GT4 from the VDT is interfering with OpenSSL sequences that we rely on in LCMAPS.
Cause(s) of the problem and analyses so far:
The gLExec in the CREAM CE uses LCMAPS to perform the account mapping in gLite 3.2. LCMAPS is dynamically linked to Globus to support its direct Globus based interfaces. The LCMAPS framelaunched several plugins, of which the verify-proxy is the first, from the lcmaps-plugins-verify-proxy package.
The verify-proxy fails with an error in the log file, originating from OpenSSL, that the path length of the certificate chain exceeded the constraint bound from the certificate chain itself. Analyses of the chain has shown that both the RFC5280 path length constraint and the RFC3820 path length constraint did not apply here. The Terena eScence TERENA eScience Personal CA has a critical basic constraint set to indicate a path length is 0 (=zero). This means that no other CA certificate can follow this CA certificate in a chain. The RFC 3820 path length constraint doesn't apply on old-style (i.e. GT2) proxy certificates.
Despite the installation and the certificate chain involved; OpenSSL triggers an X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED error code, indicating the path length exceeded in the proxy certificates. Given the research on the certificate chain we will assume that this is a false-positive (or true-negative).
See wiki for details: http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/How_to_handle_OpenSSL_and_not_get_hurt_and_what_does_that_library_call_really_do%3F#Path_length_constraints
The interesting details here is that the Terena eScience Personal CA, Terena eScience SSL CA and the FNAL SLCS are the only CAs using a Path Length Constraint of 0 (=zero) in the IGTF. This gives a motivation to search in this direction as similar certificate chains are not affected at all.
On both our EMI and gLite 3.2 test nodes running gLExec we couldn't reproduce the problem. We tried a gLite 3.2 CREAM CE and could reproduce the failure when we introduced a few extra delegations to the certificate chain before we submitted a test job.
After looking at the libraries used on the CREAM CE, being GT4 from the VDT, and knowing that the OpenSSL interaction is significantly different made us put the blame on the GT4 libraries. They are known to have changed parts of OpenSSL itself and their own callbacks. This might cause the weird effect in the verification stage. We've experienced race condition in library loading where the order of dynamic library resolvement and loading was significant for the observed failures. This problem has characteristics of it as the problem seemed to be specifc to the machine. We would need to investigate the GT4 OpenSSL interacting code to be certain about it. This is not an easy task and might be too expensive, while a work around is possible.
We looked at the CREAM CE interaction some more, installed a new CREAM CE from scratch and were interested to reproduce the problem in gLExec. Somehow we couldn't reproduce it when we ran gLExec standalone on the CREAM CE. This should not happen. It should have failed. We tried another proxy chain (mine this time) created from my OSX build of voms-proxy-init version 1.8.8. Again, the problem didn't occure. I hacked the gLExec script that was executing on the failing CREAM CE, which I tested using the glite-ce-job-submit tool, to copy the proxy certificate before deleting itself. We used this chain in the bare gLExec run and then it failed. This certificate chain was examined, turned out to be OK, but is different as it had CA certificates in it.
This seemed to be the root cause of the problem. The CREAM CE (or perhaps its delegation service) is writing the proxy certificate chain from the SSL contect in the Tomcat instance from the user's interaction. This certificate chain was writing including all the CA certificates up to the root CA.
We tested the gLExec with the output of voms-proxy-init/grid-proxy-init which do *not* include the CA certificates in the certificate chain. As this is not added, the CA certificates will be added to the verification sequences in a different way by the OpenSSL routines. This is required to verify the full chain. There is a use case for adding your own (intermediate) CA to the client/host certificate chain, but this doesn't count in the Grid world with the IGTF. As the CA certificates are added in a different way later and treated differently, OpenSSL will verify the certificate chain differently. Either the Globus OpenSSL or the OpenSSL 0.9.8a is to blame that certificate chains with old-style proxies have the path length constraint field, used exlusively for RFC 3820 proxies, set to 0 (=zero) instead of -1 (=minus one) aka uninitialized. This nullification is most probably triggered by the path length constraint value in the Terena sub-CA certificate added to the normal certificate chain evaluation sequences, instead of kept aside in the list of used CA certificates for a certificate chain in an SSL context.
Workaround:
Build a DIY (=Do It Yourself) Path Length Constraint a la RFC 5280 and RFC 3820 in the verify proxy LCMAPS plugin. This will work around any potential library loading issue that could possibly happen. It also works around odd implementations of the verification sequences and it can work around the bug of wrong initialization values for path length constraint. Another possible workaround would be to alter the certificate chain before it hits the verification stage. This could work, but needs research in the right code-wise location in OpenSSL to let this work reliably. We're also going to introduce a duplication of the certificate chain to not tamper with the original input and pragmatically we need to work with two different certificate chains. The first option is significantly less work and straight forward.
To consider for other tools:
OpenSSL and possibly GT5 needs double checking if the support for RFC proxies is capable of handling edge-case input, demonstrated by the CREAM CE (or a component thereof). The CREAM CE should not add the CA certificates to the gLExec input. We should be tolerant on the gLExec side, but regardless the CREAM CE should not have done this and should have followed the same approach with gLExec as to setting up an SSL context. This means that you do not send CA certificates over the wire unless you are absolutely sure that this is really needed.
Output:
lcmaps-plugins-verify version 1.4.11 is to be certified featuring a function to catch the X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED error and check the certificate chain for its RFC 5280 and RFC 3820 compliance regarding path length constraints.
------------------------------------------------------------------------
r15310 | dennisvd | 2011-07-11 12:11:39 +0200 (Mon, 11 Jul 2011) | 2 lines
Changed paths:
M /trunk/lcas/examples/Makefile.am
M /trunk/lcas-plugins-check-executable/src/check-executable/Makefile.am
M /trunk/lcas-plugins-voms/src/voms/Makefile.am
M /trunk/lcmaps-plugins-afs/src/afs/Makefile.am
M /trunk/lcmaps-plugins-c-pep/src/c-pep/Makefile.am
M /trunk/lcmaps-plugins-gums/src/gums/Makefile.am
M /trunk/lcmaps-plugins-jobrep/src/jobrep/Makefile.am
M /trunk/lcmaps-plugins-scas-client/src/Makefile.am
M /trunk/lcmaps-plugins-tracking-groupid/src/tracking_groupid/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-voms/src/voms/Makefile.am
Make all plugins without versioned names (using -avoid-version)
------------------------------------------------------------------------
r15309 | dennisvd | 2011-07-11 12:05:16 +0200 (Mon, 11 Jul 2011) | 2 lines
Changed paths:
M /trunk/lcas-plugins-check-executable/configure.ac
M /trunk/lcas-plugins-voms/configure.ac
M /trunk/lcmaps-plugins-afs/configure.ac
M /trunk/lcmaps-plugins-c-pep/configure.ac
M /trunk/lcmaps-plugins-gums/configure.ac
M /trunk/lcmaps-plugins-jobrep/configure.ac
M /trunk/lcmaps-plugins-scas-client/configure.ac
M /trunk/lcmaps-plugins-tracking-groupid/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-voms/configure.ac
Update the default moduledir to be 'lcas' resp. 'lcmaps' instead of 'modules'.
------------------------------------------------------------------------
r15298 | okoeroo | 2011-07-07 02:02:24 +0200 (Thu, 07 Jul 2011) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/BUGS
Updated BUGS
------------------------------------------------------------------------
r15297 | okoeroo | 2011-07-07 02:01:30 +0200 (Thu, 07 Jul 2011) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/NEWS
Updated NEWS
------------------------------------------------------------------------
r15296 | okoeroo | 2011-07-07 01:59:36 +0200 (Thu, 07 Jul 2011) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Version 1.4.10 : Fixing path length constraint problem. It seems to be different then the normal path len constraint, as this triggers X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED and not X509_V_ERR_PATH_LENGTH_EXCEEDED
------------------------------------------------------------------------
r15271 | okoeroo | 2011-04-19 16:32:02 +0200 (Tue, 19 Apr 2011) | 1 line
Changed paths:
A /trunk/lcmaps-plugins-verify-proxy/BUGS
Adding BUGS file
------------------------------------------------------------------------
r15268 | okoeroo | 2011-04-19 16:20:08 +0200 (Tue, 19 Apr 2011) | 1 line
Changed paths:
A /trunk/lcmaps-plugins-verify-proxy/NEWS
Adding NEWS file
------------------------------------------------------------------------
r15257 | okoeroo | 2011-04-15 14:02:36 +0200 (Fri, 15 Apr 2011) | 1 line
Changed paths:
A /trunk/lcmaps-plugins-verify-proxy/ChangeLog
Adding ChangeLog from svn log
------------------------------------------------------------------------
r15241 | msalle | 2011-04-14 12:29:43 +0200 (Thu, 14 Apr 2011) | 2 lines
Changed paths:
M /trunk/glexec/bootstrap
M /trunk/jobrepository/bootstrap
M /trunk/lcas/bootstrap
M /trunk/lcas-plugins-basic/bootstrap
M /trunk/lcas-plugins-check-executable/bootstrap
M /trunk/lcas-plugins-voms/bootstrap
M /trunk/lcmaps-plugins-afs/bootstrap
M /trunk/lcmaps-plugins-basic/bootstrap
M /trunk/lcmaps-plugins-c-pep/bootstrap
M /trunk/lcmaps-plugins-gums/bootstrap
M /trunk/lcmaps-plugins-jobrep/bootstrap
M /trunk/lcmaps-plugins-scas-client/bootstrap
M /trunk/lcmaps-plugins-tracking-groupid/bootstrap
M /trunk/lcmaps-plugins-verify-proxy/bootstrap
M /trunk/lcmaps-plugins-voms/bootstrap
M /trunk/scas/bootstrap
Adding --copy flag to libtoolize, which eases packaging.
------------------------------------------------------------------------
r15213 | dennisvd | 2011-04-07 15:29:01 +0200 (Thu, 07 Apr 2011) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/Makefile.am
removed trailing whitespace
------------------------------------------------------------------------
r15212 | dennisvd | 2011-04-07 15:28:43 +0200 (Thu, 07 Apr 2011) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
fixed include path references with $(srcdir) prefix
------------------------------------------------------------------------
r15182 | dennisvd | 2011-04-05 09:57:47 +0200 (Tue, 05 Apr 2011) | 2 lines
Changed paths:
M /trunk/lcas-plugins-basic/configure.ac
M /trunk/lcas-plugins-basic/src/timeslots/Makefile.am
M /trunk/lcas-plugins-basic/src/userallow/Makefile.am
M /trunk/lcas-plugins-basic/src/userban/Makefile.am
M /trunk/lcas-plugins-check-executable/configure.ac
M /trunk/lcas-plugins-check-executable/src/check-executable/Makefile.am
M /trunk/lcas-plugins-voms/configure.ac
M /trunk/lcas-plugins-voms/src/voms/Makefile.am
M /trunk/lcmaps-plugins-afs/Makefile.am
M /trunk/lcmaps-plugins-afs/configure.ac
M /trunk/lcmaps-plugins-afs/src/afs/Makefile.am
M /trunk/lcmaps-plugins-c-pep/configure.ac
M /trunk/lcmaps-plugins-c-pep/src/c-pep/Makefile.am
M /trunk/lcmaps-plugins-gums/configure.ac
M /trunk/lcmaps-plugins-gums/src/gums/Makefile.am
M /trunk/lcmaps-plugins-jobrep/configure.ac
M /trunk/lcmaps-plugins-jobrep/src/jobrep/Makefile.am
M /trunk/lcmaps-plugins-scas-client/configure.ac
M /trunk/lcmaps-plugins-scas-client/src/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-voms/configure.ac
M /trunk/lcmaps-plugins-voms/src/voms/Makefile.am
Added --with-moduledir to set the install location for plug-ins.
------------------------------------------------------------------------
r14914 | msalle | 2011-03-06 11:17:47 +0100 (Sun, 06 Mar 2011) | 2 lines
Changed paths:
M /trunk/jobrepository/configure.ac
M /trunk/lcas/configure.ac
M /trunk/lcas-lcmaps-gt4-interface/configure.ac
M /trunk/lcas-plugins-voms/configure.ac
M /trunk/lcmaps-plugins-afs/configure.ac
M /trunk/lcmaps-plugins-jobrep/configure.ac
M /trunk/lcmaps-plugins-scas-client/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-voms/configure.ac
M /trunk/scas/configure.ac
Bumping versions for components with fixed globus / crypto deps.
------------------------------------------------------------------------
r14880 | dennisvd | 2011-03-04 22:08:09 +0100 (Fri, 04 Mar 2011) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/Doxyfile
M /trunk/lcmaps-plugins-verify-proxy/LICENSE
M /trunk/lcmaps-plugins-verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/Makefile.am
removed executable bit
------------------------------------------------------------------------
r14879 | dennisvd | 2011-03-04 22:07:46 +0100 (Fri, 04 Mar 2011) | 1 line
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/AUTHORS
M /trunk/lcmaps-plugins-verify-proxy/Doxyfile
M /trunk/lcmaps-plugins-verify-proxy/LICENSE
M /trunk/lcmaps-plugins-verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/bootstrap
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/lcmaps.m4
M /trunk/lcmaps-plugins-verify-proxy/src/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/grid-proxy-verify.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/grid-proxy-verify.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/Makefile
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/verify_x509_utils.c
add keyword propery
------------------------------------------------------------------------
r14846 | msalle | 2011-03-04 16:22:33 +0100 (Fri, 04 Mar 2011) | 2 lines
Changed paths:
M /trunk/lcas-plugins-voms/configure.ac
M /trunk/lcmaps-plugins-jobrep/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-voms/configure.ac
Add check for libcrypto in essential components.
------------------------------------------------------------------------
r14690 | msalle | 2011-02-25 15:38:01 +0100 (Fri, 25 Feb 2011) | 2 lines
Changed paths:
M /trunk/jobrepository/Makefile.am
M /trunk/jobrepository/configure.ac
M /trunk/lcas-lcmaps-gt4-interface/configure.ac
M /trunk/lcas-plugins-basic/configure.ac
M /trunk/lcas-plugins-check-executable/configure.ac
M /trunk/lcas-plugins-voms/configure.ac
M /trunk/lcmaps-plugins-afs/configure.ac
M /trunk/lcmaps-plugins-basic/configure.ac
M /trunk/lcmaps-plugins-gums/configure.ac
M /trunk/lcmaps-plugins-jobrep/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-voms/configure.ac
M /trunk/scas/configure.ac
Re-syncing all the versions with branch EMI-1
------------------------------------------------------------------------
r14618 | msalle | 2011-02-23 12:58:46 +0100 (Wed, 23 Feb 2011) | 3 lines
Changed paths:
M /trunk
M /trunk/ees
M /trunk/ees-plugins-one
M /trunk/glexec
M /trunk/lcas
M /trunk/lcas-lcmaps-gt4-interface
M /trunk/lcas-plugins-basic
M /trunk/lcas-plugins-check-executable
M /trunk/lcas-plugins-voms
M /trunk/lcmaps-plugins-afs
M /trunk/lcmaps-plugins-basic
M /trunk/lcmaps-plugins-c-pep
M /trunk/lcmaps-plugins-gums
M /trunk/lcmaps-plugins-jobrep
M /trunk/lcmaps-plugins-scas-client
M /trunk/lcmaps-plugins-verify-proxy
M /trunk/lcmaps-plugins-voms
M /trunk/scas
Updating externals to use http://ndpfsvn.nikhef.nl/ro instead of
https://ndpfsvn.nikhef.nl/repos
------------------------------------------------------------------------
r11958 | msalle | 2011-01-07 14:18:38 +0100 (Fri, 07 Jan 2011) | 2 lines
Changed paths:
M /trunk/lcas-plugins-basic/Makefile.am
M /trunk/lcas-plugins-check-executable/Makefile.am
M /trunk/lcas-plugins-voms/Makefile.am
M /trunk/lcmaps-plugins-afs/Makefile.am
M /trunk/lcmaps-plugins-afs/src/afs/Makefile.am
M /trunk/lcmaps-plugins-basic/Makefile.am
M /trunk/lcmaps-plugins-basic/src/ldap_enf/Makefile.am
M /trunk/lcmaps-plugins-basic/src/localaccount/Makefile.am
M /trunk/lcmaps-plugins-basic/src/poolaccount/Makefile.am
M /trunk/lcmaps-plugins-basic/src/posix_enf/Makefile.am
M /trunk/lcmaps-plugins-c-pep/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-voms/Makefile.am
M /trunk/lcmaps-plugins-voms/src/voms/Makefile.am
Updating EXTRA_DIST etc. to include missing files in dist's
------------------------------------------------------------------------
r11953 | msalle | 2011-01-07 13:18:30 +0100 (Fri, 07 Jan 2011) | 2 lines
Changed paths:
D /trunk/lcas-plugins-basic/src/lcas_config.h.in
D /trunk/lcas-plugins-check-executable/src/lcas_config.h.in
D /trunk/lcas-plugins-voms/src/lcas_config.h.in
D /trunk/lcmaps-plugins-afs/src/lcmaps_config.h.in
D /trunk/lcmaps-plugins-gums/src/lcmaps_config.h.in
D /trunk/lcmaps-plugins-verify-proxy/src/lcmaps_config.h.in
D /trunk/lcmaps-plugins-voms/src/lcmaps_config.h.in
Removing automatically created _config.h.in files.
------------------------------------------------------------------------
r11951 | msalle | 2011-01-07 13:02:43 +0100 (Fri, 07 Jan 2011) | 2 lines
Changed paths:
A /trunk/glexec/AUTHORS (from /trunk/glexec/MAINTAINERS:11944)
D /trunk/glexec/MAINTAINERS
M /trunk/glexec/Makefile.am
A /trunk/lcas/AUTHORS (from /trunk/lcas/MAINTAINERS:11950)
D /trunk/lcas/MAINTAINERS
M /trunk/lcas/doc/Makefile.am
M /trunk/lcas-lcmaps-gt4-interface/Makefile.am
A /trunk/lcas-plugins-basic/AUTHORS (from /trunk/lcas-plugins-basic/MAINTAINERS:11946)
D /trunk/lcas-plugins-basic/MAINTAINERS
M /trunk/lcas-plugins-basic/Makefile.am
A /trunk/lcas-plugins-check-executable/AUTHORS (from /trunk/lcas-plugins-check-executable/MAINTAINERS:11947)
D /trunk/lcas-plugins-check-executable/MAINTAINERS
M /trunk/lcas-plugins-check-executable/Makefile.am
A /trunk/lcas-plugins-voms/AUTHORS (from /trunk/lcas-plugins-voms/MAINTAINERS:11947)
D /trunk/lcas-plugins-voms/MAINTAINERS
M /trunk/lcas-plugins-voms/Makefile.am
A /trunk/lcmaps/AUTHORS (from /trunk/lcmaps/MAINTAINERS:11927)
D /trunk/lcmaps/MAINTAINERS
M /trunk/lcmaps/doc/Makefile.am
A /trunk/lcmaps-plugins-afs/AUTHORS (from /trunk/lcmaps-plugins-afs/MAINTAINERS:11948)
D /trunk/lcmaps-plugins-afs/MAINTAINERS
M /trunk/lcmaps-plugins-afs/Makefile.am
A /trunk/lcmaps-plugins-basic/AUTHORS (from /trunk/lcmaps-plugins-basic/MAINTAINERS:11948)
D /trunk/lcmaps-plugins-basic/MAINTAINERS
M /trunk/lcmaps-plugins-basic/Makefile.am
A /trunk/lcmaps-plugins-c-pep/AUTHORS (from /trunk/lcmaps-plugins-c-pep/MAINTAINERS:11948)
D /trunk/lcmaps-plugins-c-pep/MAINTAINERS
M /trunk/lcmaps-plugins-c-pep/Makefile.am
A /trunk/lcmaps-plugins-gums/AUTHORS (from /trunk/lcmaps-plugins-gums/MAINTAINERS:11948)
D /trunk/lcmaps-plugins-gums/MAINTAINERS
M /trunk/lcmaps-plugins-gums/Makefile.am
A /trunk/lcmaps-plugins-scas-client/AUTHORS (from /trunk/lcmaps-plugins-scas-client/MAINTAINERS:11948)
D /trunk/lcmaps-plugins-scas-client/MAINTAINERS
M /trunk/lcmaps-plugins-scas-client/Makefile.am
A /trunk/lcmaps-plugins-verify-proxy/AUTHORS (from /trunk/lcmaps-plugins-verify-proxy/MAINTAINERS:11948)
D /trunk/lcmaps-plugins-verify-proxy/MAINTAINERS
M /trunk/lcmaps-plugins-verify-proxy/Makefile.am
A /trunk/lcmaps-plugins-voms/AUTHORS (from /trunk/lcmaps-plugins-voms/MAINTAINERS:11948)
D /trunk/lcmaps-plugins-voms/MAINTAINERS
M /trunk/lcmaps-plugins-voms/Makefile.am
M /trunk/scas/Makefile.am
Renaming MAINTAINERS in AUTHORS and let them be installed.
------------------------------------------------------------------------
r11948 | msalle | 2011-01-06 17:46:36 +0100 (Thu, 06 Jan 2011) | 4 lines
Changed paths:
M /trunk/lcas-plugins-basic/Makefile.am
M /trunk/lcas-plugins-check-executable/Makefile.am
M /trunk/lcas-plugins-voms/Makefile.am
A /trunk/lcmaps-plugins-afs/MAINTAINERS
M /trunk/lcmaps-plugins-afs/Makefile.am
M /trunk/lcmaps-plugins-afs/bootstrap
M /trunk/lcmaps-plugins-afs/configure.ac
A /trunk/lcmaps-plugins-basic/MAINTAINERS
M /trunk/lcmaps-plugins-basic/Makefile.am
M /trunk/lcmaps-plugins-basic/bootstrap
M /trunk/lcmaps-plugins-basic/configure.ac
A /trunk/lcmaps-plugins-c-pep/MAINTAINERS
M /trunk/lcmaps-plugins-c-pep/Makefile.am
M /trunk/lcmaps-plugins-c-pep/bootstrap
M /trunk/lcmaps-plugins-c-pep/configure.ac
A /trunk/lcmaps-plugins-gums/MAINTAINERS
M /trunk/lcmaps-plugins-gums/Makefile.am
M /trunk/lcmaps-plugins-gums/bootstrap
M /trunk/lcmaps-plugins-gums/configure.ac
A /trunk/lcmaps-plugins-scas-client/MAINTAINERS
M /trunk/lcmaps-plugins-scas-client/Makefile.am
M /trunk/lcmaps-plugins-scas-client/bootstrap
M /trunk/lcmaps-plugins-scas-client/configure.ac
A /trunk/lcmaps-plugins-verify-proxy/MAINTAINERS
M /trunk/lcmaps-plugins-verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/bootstrap
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
A /trunk/lcmaps-plugins-voms/MAINTAINERS
M /trunk/lcmaps-plugins-voms/Makefile.am
M /trunk/lcmaps-plugins-voms/bootstrap
M /trunk/lcmaps-plugins-voms/configure.ac
Add missing files for dist
Add MAINTAINERS and LICENSE files for doc
resync bootstrap
------------------------------------------------------------------------
r11871 | msalle | 2010-12-31 14:07:47 +0100 (Fri, 31 Dec 2010) | 3 lines
Changed paths:
M /trunk/glexec/bootstrap
M /trunk/lcmaps/bootstrap
M /trunk/lcmaps-plugins-afs/bootstrap
M /trunk/lcmaps-plugins-basic/bootstrap
M /trunk/lcmaps-plugins-c-pep/bootstrap
M /trunk/lcmaps-plugins-gums/bootstrap
M /trunk/lcmaps-plugins-scas-client/bootstrap
M /trunk/lcmaps-plugins-verify-proxy/bootstrap
M /trunk/lcmaps-plugins-voms/bootstrap
Syncing all bootstrap files and removing reference to src/autogen which is no
longer used.
------------------------------------------------------------------------
r11847 | msalle | 2010-12-28 13:21:44 +0100 (Tue, 28 Dec 2010) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-afs/configure.ac
M /trunk/lcmaps-plugins-basic/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-voms/configure.ac
Changing deprecated AM_CONFIG_HEADER to AC_CONFIG_HEADERS and move output to
src/ directory.
------------------------------------------------------------------------
r11810 | msalle | 2010-12-23 11:55:42 +0100 (Thu, 23 Dec 2010) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
- remove FLAVOUR dependency: interface is now general.
------------------------------------------------------------------------
r11795 | msalle | 2010-12-22 16:00:53 +0100 (Wed, 22 Dec 2010) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
Bail out when LCMAPS interface cannot be found
------------------------------------------------------------------------
r11780 | msalle | 2010-12-21 13:37:04 +0100 (Tue, 21 Dec 2010) | 6 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy
M /trunk/lcmaps-plugins-verify-proxy/bootstrap
D /trunk/lcmaps-plugins-verify-proxy/build.xml
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
D /trunk/lcmaps-plugins-verify-proxy/project/build.number
D /trunk/lcmaps-plugins-verify-proxy/project/build.properties
D /trunk/lcmaps-plugins-verify-proxy/project/configure.properties.xml
A /trunk/lcmaps-plugins-verify-proxy/project/lcmaps.m4
D /trunk/lcmaps-plugins-verify-proxy/project/properties.xml
D /trunk/lcmaps-plugins-verify-proxy/project/version.properties
D /trunk/lcmaps-plugins-verify-proxy/runautotools
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
D /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/gssapi_openssl.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.h
Fixing for EMI and cleanup:
- lcmaps.m4 macro to check for LCMAPS_CFLAGS.
- lcmaps headers
- no glite dependency
- removal of unused files (in project/)
------------------------------------------------------------------------
r11590 | msalle | 2010-06-28 14:05:09 +0200 (Mon, 28 Jun 2010) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.c
Removing one my_timegm() definition as it is superfluous.
------------------------------------------------------------------------
r11589 | msalle | 2010-06-28 14:00:06 +0200 (Mon, 28 Jun 2010) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/grid-proxy-verify.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/verify_x509_utils.c
substituting timegm() for portable my_timegm()
------------------------------------------------------------------------
r11502 | okoeroo | 2010-03-31 16:01:39 +0200 (Wed, 31 Mar 2010) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/bootstrap
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
M /trunk/lcmaps-plugins-verify-proxy/runautotools
M /trunk/lcmaps-plugins-voms/bootstrap
M /trunk/lcmaps-plugins-voms/project/version.properties
M /trunk/lcmaps-plugins-voms/runautotools
Bumped version and updated L & C
------------------------------------------------------------------------
r11449 | okoeroo | 2010-02-18 18:41:56 +0100 (Thu, 18 Feb 2010) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/grid-proxy-verify.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/grid-proxy-verify.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/gssapi_openssl.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/verify_x509_utils.c
Added licence
------------------------------------------------------------------------
r11435 | okoeroo | 2010-02-17 22:37:03 +0100 (Wed, 17 Feb 2010) | 13 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.h
Fixed the Proxy Life Time Policy enforcement functionality.
Fixed the VOMS Life Time Policy enforcement functionality.
Found by Jan Just Keijser at internal testing with the policies. It was broken due to the change over to the extended internal library that I created to better verify proxy certificates.
Resurrected an option with a different name:
--only-enforce-lifetime-checks
When this option is set the verification routines are skipped to enforce the proxy and/or VOMS lifetime policies only. This is interesting for GT4/5 tools like GridFTPd and the Gatekeeper as they already perform full authentication on the SSL layer. In gLExec this plug-in MUST run in full mode.
Bumped version to 1.4.7.
------------------------------------------------------------------------
r11296 | okoeroo | 2009-10-27 12:18:19 +0100 (Tue, 27 Oct 2009) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Now using X509_STORE_CTX_set_depth() without the hack.
Savannah bug #57642
------------------------------------------------------------------------
r11295 | okoeroo | 2009-10-26 21:05:34 +0100 (Mon, 26 Oct 2009) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
OpenSSL uses a default depth of 9 (don't ask why, it just is).
To cope with Subordinate CAs we have to extend the verification depth to be able to hold the certificate chain (could contain a lot of delegations) and all the CA certificate, which might not be added to the certificate chain itself but would still be lingering in the X509 CA directory lookup functions.
------------------------------------------------------------------------
r11205 | okoeroo | 2009-06-26 12:33:28 +0200 (Fri, 26 Jun 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.h
Perfecting the new versions log message cap.
------------------------------------------------------------------------
r11204 | okoeroo | 2009-06-26 12:00:03 +0200 (Fri, 26 Jun 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
Bumping version
------------------------------------------------------------------------
r11203 | okoeroo | 2009-06-26 11:59:01 +0200 (Fri, 26 Jun 2009) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.c
Fixes made in the log function. This was discovered when the DN string exceeded the buffer length that would be written to the log.
This is now capped properly.
------------------------------------------------------------------------
r11201 | okoeroo | 2009-06-25 14:43:54 +0200 (Thu, 25 Jun 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/bootstrap
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
Bumped version and added Mac OSX autotools support.
------------------------------------------------------------------------
r11200 | okoeroo | 2009-06-25 14:40:18 +0200 (Thu, 25 Jun 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Upgrading certificate chain depth limit to the depth of the certificate chain. This sounds pedantic, but the OpenSSL library seems to have a build in limit of 9 certificates. This means that the verify-proxy will fail when having to check more then 9 certificate (including the CA, personal/service and proxies).
------------------------------------------------------------------------
r10956 | okoeroo | 2009-02-18 21:43:36 +0100 (Wed, 18 Feb 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/verify_x509_utils.c
Properly free'ing the certificate chain. (patch provided by Jan Just).
------------------------------------------------------------------------
r10912 | okoeroo | 2009-02-11 12:51:23 +0100 (Wed, 11 Feb 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/Makefile
Bunped version to reflect the change.
------------------------------------------------------------------------
r10911 | okoeroo | 2009-02-11 12:49:21 +0100 (Wed, 11 Feb 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
Fixed the verification failure of limited proxies, delegated from a regular proxy on a CentOS-5 32bit or 64bit machine (openssl 0.9.8 and higher).
------------------------------------------------------------------------
r10873 | okoeroo | 2009-01-27 22:11:35 +0100 (Tue, 27 Jan 2009) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
Rewritten generic verification library part to use vararg instead of void * juggling.
Although it worked perfectly, this is a more flexible and the Good thing (tm) to do.
------------------------------------------------------------------------
r10872 | okoeroo | 2009-01-27 21:43:44 +0100 (Tue, 27 Jan 2009) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
The default (no explicity setting) will demand the presence of a private key and it must match the certificate chain.
You can set the ommission of the key by declaring the "--discard_private_key_absence". Glexec has the opportunity to provide an equivelent when it's setting of "ommission_private_key" is set to yes in the glexec.conf file.
To counter this ommission of the private key explictly in all case (no override possible), the "--never_discard_private_key_absence" option can be set to express this.
------------------------------------------------------------------------
r10871 | okoeroo | 2009-01-27 20:43:40 +0100 (Tue, 27 Jan 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
Enabled the generic verify-lib to enforce the presence of the private key with the presented chain.
------------------------------------------------------------------------
r10870 | okoeroo | 2009-01-27 20:27:27 +0100 (Tue, 27 Jan 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
Reviving ommission of private key and enforcing of the presence of the private key in the presented chain.
------------------------------------------------------------------------
r10855 | okoeroo | 2009-01-21 10:34:42 +0100 (Wed, 21 Jan 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
Another bump
------------------------------------------------------------------------
r10854 | okoeroo | 2009-01-21 10:33:28 +0100 (Wed, 21 Jan 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
Bumping version
------------------------------------------------------------------------
r10853 | okoeroo | 2009-01-21 10:32:57 +0100 (Wed, 21 Jan 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Should fix the build issue on RHEL 5 systems (more strict gcc compiler rulings).
------------------------------------------------------------------------
r10845 | okoeroo | 2009-01-19 12:05:49 +0100 (Mon, 19 Jan 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
Removing Globus and Grid site macros
------------------------------------------------------------------------
r10843 | okoeroo | 2009-01-19 11:29:33 +0100 (Mon, 19 Jan 2009) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/verify_x509_utils.c
New version of lcmaps-plugins-verify-proxy.
Does not require GridSite code anymore. This will allow for its utilization on more platforms that we can currently cope with (OSG/Privilege project request for CentOS5 based systems).
------------------------------------------------------------------------
r10840 | okoeroo | 2009-01-18 22:01:20 +0100 (Sun, 18 Jan 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.c
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.h
builds nicely
------------------------------------------------------------------------
r10839 | okoeroo | 2009-01-16 23:00:35 +0100 (Fri, 16 Jan 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Fixerony
------------------------------------------------------------------------
r10838 | okoeroo | 2009-01-16 18:56:19 +0100 (Fri, 16 Jan 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Making ready to use the new functions.
------------------------------------------------------------------------
r10836 | okoeroo | 2009-01-16 14:33:31 +0100 (Fri, 16 Jan 2009) | 2 lines
Changed paths:
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/Makefile
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509.h
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/interface/verify_x509_datatypes.h
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/main.c
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src/verify_x509.c
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.c
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/_verify_x509.h
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.c
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/log.h
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/verify-lib/src_internal/verify_x509_utils.c
Adding new code
------------------------------------------------------------------------
r10835 | okoeroo | 2009-01-16 14:27:44 +0100 (Fri, 16 Jan 2009) | 2 lines
Changed paths:
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.c
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/proxylifetime/proxylifetime.h
Splitted the proxy lifetime check routines.
------------------------------------------------------------------------
r10834 | okoeroo | 2009-01-16 14:26:59 +0100 (Fri, 16 Jan 2009) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Fixing verify proxy
------------------------------------------------------------------------
r10666 | okoeroo | 2008-09-18 10:04:46 +0200 (Thu, 18 Sep 2008) | 2 lines
Changed paths:
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/grid-proxy-verify.c
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/grid-proxy-verify.h
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Added new routines from Jan Just Keijser's test program.
------------------------------------------------------------------------
r10606 | okoeroo | 2008-09-03 16:03:23 +0200 (Wed, 03 Sep 2008) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
Version bump
------------------------------------------------------------------------
r10605 | okoeroo | 2008-09-03 15:20:22 +0200 (Wed, 03 Sep 2008) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Solution to bug #40822: Changed the behaviour in the proxy certificate semantic checks.
According to the test, a limited proxy couldn't be followed by any proxy certificate. This is a false statement, because it may be followed by another limited proxy.
Also enforced now is the semantic correctness of the chain that a limited proxy may only be followed by limited proxies and not anything else.
------------------------------------------------------------------------
r10493 | okoeroo | 2008-06-12 09:25:13 +0200 (Thu, 12 Jun 2008) | 7 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Check if processes has set the option to allow to discard the private key verification.
The environment variable that provided this choice will be cleared. $VERIFY_PROXY_DISCARD_PRIVATE_KEY_ABSENCE
The New variable "--never_discard_private_key_absence" will mute the environment variable that can override the private key verification functionality. The environment variable that would allow for the discard of the check for the private key will be useless.
This is to be used in situation where the private key check is mandatory AND non-overrideable.
------------------------------------------------------------------------
r10489 | okoeroo | 2008-06-11 15:47:47 +0200 (Wed, 11 Jun 2008) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Bumped version to a new minor version: 1.3.1.1
------------------------------------------------------------------------
r10488 | okoeroo | 2008-06-11 15:08:07 +0200 (Wed, 11 Jun 2008) | 17 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
New tag candidate
Features a new initialization parameter:
--discard_private_key_absence
The NEW default is to check and verify the now obligatory Private key from the PEM string. The PEM string is fetched from the LCMAPS framework (when provided).
If LCMAPS fails to provide that PEM string (maybe legitimate in LCG-CE gatekeeper or gridftpd scenarios), then the check is discarded.
The Private key must match with one of the certificates in the chain. If the Private key is not found in the PEM string, then this is an error condition.
This behavior can be overriden for the absence of the Private key. If the Private key is not provided and when the --discard_private_key_absence option is set, then only a warning message at level 5 ($LCMAPS_LOG_LEVEL=5) will be given.
In the case where the --discard_private_key_absence is set and when a Private key is present in the PEM string, then the check will proceed and the given Private key MUST match one of the certificates in the chain. So in either case when the --discard_private_key_absence is set or not, the Private key will be checked. Only its absense can be discarded when the --discard_private_key_absence option is set.
Other fixes include the prevention of segmentation faults.
------------------------------------------------------------------------
r10484 | okoeroo | 2008-06-10 16:29:29 +0200 (Tue, 10 Jun 2008) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Building in the private key check
------------------------------------------------------------------------
r10483 | okoeroo | 2008-06-10 10:26:59 +0200 (Tue, 10 Jun 2008) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Added lots of CFLAGS for GCC and fixed all issues regarding unused and uninitialized variables.
------------------------------------------------------------------------
r10480 | okoeroo | 2008-06-05 16:12:12 +0200 (Thu, 05 Jun 2008) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
Version 1.2.9.1 solves bug #37303
------------------------------------------------------------------------
r10479 | okoeroo | 2008-06-05 16:10:20 +0200 (Thu, 05 Jun 2008) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
This works and seems to solve bug #37303.
Tested with a proxy chain (with and without VOMS) from Dennis which was signed by the PVier testbed CA.
gLExec's execution of LCMAPS failed on the verification of the chain. It succeeded on my proxy chain.
------------------------------------------------------------------------
r10478 | okoeroo | 2008-06-05 10:57:06 +0200 (Thu, 05 Jun 2008) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/runautotools
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Included the use of GridSite core to evaluate the certificate chain.
This should solve bug #37303 and the original #37304. The later bug changed name and goal.
Besides testing the verification process the Private Key check is not performed yet.
------------------------------------------------------------------------
r10327 | okoeroo | 2007-08-27 16:03:32 +0200 (Mon, 27 Aug 2007) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
Bumped age: No code change but needed to stay in sync for the next jump to LCMAPS 1.4.x
------------------------------------------------------------------------
r10284 | okoeroo | 2007-08-03 00:25:51 +0200 (Fri, 03 Aug 2007) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
bump
------------------------------------------------------------------------
r10196 | venekamp | 2007-05-23 19:20:53 +0200 (Wed, 23 May 2007) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
o Update Makefile.am to make 32/64 bit build possible.
------------------------------------------------------------------------
r10169 | okoeroo | 2007-05-04 15:39:47 +0200 (Fri, 04 May 2007) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
Bumped version
------------------------------------------------------------------------
r10168 | okoeroo | 2007-05-04 14:54:26 +0200 (Fri, 04 May 2007) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/runautotools
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Freeing to much stuff and updated the runautotools script for this component
------------------------------------------------------------------------
r10080 | okoeroo | 2006-12-19 16:28:43 +0100 (Tue, 19 Dec 2006) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
Mistakenly I messed-up a few tagnumbers, but all is corrected again.
------------------------------------------------------------------------
r10076 | okoeroo | 2006-12-13 14:21:20 +0100 (Wed, 13 Dec 2006) | 14 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Finally just took the time to finish the VOMS LifeTime check in the LCMAPS verify_proxy plugin.
Example for the 'lcmaps.db' file:
verify_proxy = "lcmaps_verify_proxy.mod"
" -certdir /etc/grid-security/certificates"
" --max-proxy-level-ttl=0 12:05"
" --max-proxy-level-ttl=L 12:05"
" --max-proxy-level-ttl=1 12:00"
" --max-voms-ttl 11:00"
The last line is the new feature. Also using the 2d-11:00 format (2 days and 11 hours) to set the maximum lifetime.
------------------------------------------------------------------------
r10056 | okoeroo | 2006-11-30 11:18:17 +0100 (Thu, 30 Nov 2006) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
Includes the CFLAGS fix for etics, plus bumped version to 1.2.3
note: mind the $(libdir)
------------------------------------------------------------------------
r10012 | okoeroo | 2006-10-24 13:28:20 +0200 (Tue, 24 Oct 2006) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
checked and updated a few messages.
------------------------------------------------------------------------
r9984 | okoeroo | 2006-10-16 14:40:39 +0200 (Mon, 16 Oct 2006) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
getting closer and closer on finally implementing VOMS LifeTime restrictions
------------------------------------------------------------------------
r9922 | okoeroo | 2006-08-31 14:17:32 +0200 (Thu, 31 Aug 2006) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
The lcmaps_vomsdata_t is not needed to function succesfully.
When VOMS credentials passthough, then the VOMS credentials need to be evaluated, otherwise it shouldn't be the show stopper
------------------------------------------------------------------------
r9898 | okoeroo | 2006-08-18 15:13:07 +0200 (Fri, 18 Aug 2006) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
VOMS lifetime support initiatiation finished, need to implement the functionas that parse the date strings and figure out what to do next.
------------------------------------------------------------------------
r9895 | okoeroo | 2006-08-17 10:59:31 +0200 (Thu, 17 Aug 2006) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Altered the lcmaps_voms_t to lcmaps_vomsdata_t as the main non-dependant VOMS data structure for internal use.
Basicly a remake of the existing structure, but now in our own code.
Which creates a more detailed structure of all known VOMS values from the proxy.
------------------------------------------------------------------------
r9831 | okoeroo | 2006-05-12 12:01:51 +0200 (Fri, 12 May 2006) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
Bumped version to 1.2.2 to sync with the tagname
------------------------------------------------------------------------
r9826 | okoeroo | 2006-05-12 11:39:00 +0200 (Fri, 12 May 2006) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Solved the initialization problem of the multiple proxy level max TTLs
------------------------------------------------------------------------
r9821 | okoeroo | 2006-05-08 12:40:22 +0200 (Mon, 08 May 2006) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Fixed the proxy life time per proxy level (in the cert chain).
It works succesfully and the code is more efficiently then before.
------------------------------------------------------------------------
r9818 | okoeroo | 2006-05-02 16:11:30 +0200 (Tue, 02 May 2006) | 9 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Changed the #define LCMAPS_USE_GSI to #define LCMAPS_VERIFY_USE_GSI to indicate a difference between the one in the framework and this define.
It is defaulted to #undef
This will let the plugin be compiled without GSI and only with X.509. This works when using the glexec.
This is tested and succesfull.
Yet to come:
...is to run in default X.509 mode but also (when compiled with GSI) being able to hot-switch to grab a gss_cred_t which needs to be translated to X.509. Only done in absence of a X.509 chain AND compiled with GSI libs.
------------------------------------------------------------------------
r9791 | okoeroo | 2006-03-31 15:34:54 +0200 (Fri, 31 Mar 2006) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
Bumped version accordingly to 1.2.0
------------------------------------------------------------------------
r9790 | okoeroo | 2006-03-31 15:32:39 +0200 (Fri, 31 Mar 2006) | 14 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
All parameters are now case insensitive for this plugin:
Like:
-certdir <example: /etc/grid-security/certificates>
certificates and crls dir
--only-post-verify-checks (synonymous to --only-post-verify)
perform only the post verification checks, like validation checks throughout the cert-chain proxy DN naming policies, and the proxy-lifetime checks
--allow-limited-proxy
Will not fail the plugin because the last proxy in the chain is a limited proxy; thou shouldn't use a limited proxy to do user mapping (and sudo actions)
--max-proxy-level-ttl=<level> <time-length; example: 2d-13:37>
Sets a maximum lifetime for proxy certificate level <level> where <level> can be 0-9 or 'l' or 'L' to indicate a Leaf proxy (last proxy in the chain)
------------------------------------------------------------------------
r9789 | okoeroo | 2006-03-31 14:58:12 +0200 (Fri, 31 Mar 2006) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Performed:
- Code clean up
- change in init parameter '-pttl'; it is now '--max-proxy-level-ttl=' where it expects a value of 0-9 or 'l' or 'L'. The L stand for Leaf proxy (the last one in the change).
- More effient code, less expensive operations
------------------------------------------------------------------------
r9532 | okoeroo | 2006-02-27 14:17:22 +0100 (Mon, 27 Feb 2006) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Changing the default runarg for a certificate stack from GSI to STACK_OF(X509) to work correctly with glexec
Note: This could give problems when used in a GSI frontended setup like the gatekeeper if
the LCMAPS framework is not supplying the STACK_OF(X509)
------------------------------------------------------------------------
r9364 | msteenba | 2006-02-16 14:20:12 +0100 (Thu, 16 Feb 2006) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
version 1.1.0
- proxy lifetime check per proxy depth
- optional certificate chain cerification
------------------------------------------------------------------------
r9275 | okoeroo | 2006-02-10 16:44:50 +0100 (Fri, 10 Feb 2006) | 9 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Implemented the checks which belong to the [-pttl<level>|-pTTL<level>] <time length>
Where <level> can be one of the following characters [0-9lL] and the 'lL' part reverse to the Leaf proxy.
Which is the proxy that is the last one in the chain and will be a interesting to treat with special care.
<time length> is still in the format 2d-13:37 where a minimum is set on five characters like 13:37
It still needs testing!
------------------------------------------------------------------------
r9219 | okoeroo | 2006-02-09 01:13:28 +0100 (Thu, 09 Feb 2006) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
I'm going to fail the procedure when an unspecified proxylevel is evaluated (for the moment).
Atleast until the plugin will understand the noticion of a LEAF Proxy.
A LEAF Proxy (or just leaf) is the last and final proxy in a chain, which is usually the most interesting to evaluate at the moment.
------------------------------------------------------------------------
r9203 | okoeroo | 2006-02-07 16:56:12 +0100 (Tue, 07 Feb 2006) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Added seperate function to test proxy lifetime as wished
Added extra time conversion function
------------------------------------------------------------------------
r9099 | okoeroo | 2006-02-02 03:16:51 +0100 (Thu, 02 Feb 2006) | 9 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Written the ability to do the multi-level proxy checks, which I still
need to write.
The possible options are:
-certdir <CA cert dir> || -CERTDIR <CA cert dir>
--only-post-verify-checks || --only-post-verify
--allow-limited-proxy || --ALLOW-LIMITED-PROXY || --allow-limited-proxy || -ALLOW-LIMITED-PROXY || -ALLOW-LIMITED-PROXY
-pttl[0-9] 2d-13:37 || -pTTL[0-9] 2d-13:37
------------------------------------------------------------------------
r8711 | okoeroo | 2006-01-04 15:04:29 +0100 (Wed, 04 Jan 2006) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Fixed two memory leaks and changed one procedure in a more light wait fashion.
Like: using sk_X509_pop_free (dupChain, X509_free) on a duplicated stack, using a buffer when wanting to use a string for logging purposes instead of 2 convertion procedures.
and cleaning two used string on the right moment.
------------------------------------------------------------------------
r8109 | okoeroo | 2005-12-22 17:52:38 +0100 (Thu, 22 Dec 2005) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Build in new option: "-check-proxy-max-ttl 10d-12:37"
This will check if a proxy in the chain exceeds the maximum lifetime.
This check needs to be refined to only effect the leaf proxy of the chain.
But... it works :D
------------------------------------------------------------------------
r8037 | msteenba | 2005-12-20 16:05:50 +0100 (Tue, 20 Dec 2005) | 2 lines
Changed paths:
M /trunk/lcas/src/lcas.c
M /trunk/lcas-plugins-voms/src/voms/Makefile.am
M /trunk/lcmaps/src/Makefile.am
M /trunk/lcmaps/src/pluginmanager/lcmaps_pluginmanager.c
M /trunk/lcmaps/src/test/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-voms/src/voms/Makefile.am
use libvomsapi instead of libvomsc (for voms > 1.6.0)
------------------------------------------------------------------------
r7769 | okoeroo | 2005-12-08 18:47:55 +0100 (Thu, 08 Dec 2005) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Discovered a small flaw in the code prior to implementing Proxy Life Time checking... Stay tuned :-)
------------------------------------------------------------------------
r7752 | msteenba | 2005-12-07 10:07:40 +0100 (Wed, 07 Dec 2005) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
- fixed argument parsing bug
- corrected cpp statement
- corrected log string
------------------------------------------------------------------------
r7736 | okoeroo | 2005-12-06 09:18:56 +0100 (Tue, 06 Dec 2005) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
The changes involve a new parameter to be set called "-allow-limited-proxy"
By default limited proxies will be rejected!
This can be overridden by passing this new option to the plugin as init value
------------------------------------------------------------------------
r7525 | msteenba | 2005-11-23 18:53:47 +0100 (Wed, 23 Nov 2005) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
- switch off gsi-mode
- initialized several variables
- Check if CA certificates directory is set
------------------------------------------------------------------------
r7509 | msteenba | 2005-11-23 14:27:18 +0100 (Wed, 23 Nov 2005) | 2 lines
Changed paths:
M /trunk/lcmaps/configure.ac
M /trunk/lcmaps/project/version.properties
M /trunk/lcmaps-interface/configure.ac
M /trunk/lcmaps-interface/project/version.properties
M /trunk/lcmaps-plugins-afs/configure.ac
M /trunk/lcmaps-plugins-afs/project/version.properties
M /trunk/lcmaps-plugins-basic/configure.ac
M /trunk/lcmaps-plugins-basic/project/version.properties
M /trunk/lcmaps-plugins-jobrep/configure.ac
M /trunk/lcmaps-plugins-jobrep/project/version.properties
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/project/version.properties
M /trunk/lcmaps-plugins-voms/configure.ac
M /trunk/lcmaps-plugins-voms/project/version.properties
updated version
------------------------------------------------------------------------
r7420 | okoeroo | 2005-11-18 14:38:28 +0100 (Fri, 18 Nov 2005) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
A pretty very good working version.
It validates my testing proxy very well. I need to test it with GL-Exec.
The validation of the user certificate and the parsing of the proxies is done now.
No VOMS extensions are verified.
------------------------------------------------------------------------
r7360 | okoeroo | 2005-11-14 16:47:28 +0100 (Mon, 14 Nov 2005) | 4 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
Gathering the certificate in another way ... so that I can cope with sub ordinate CAs (if they have there certificates installed on the host)
Checks within a proxy need to be done yet.... this is a succesfull CRL check (I hope ...)
Needs to be tested though ... with glexec
------------------------------------------------------------------------
r7316 | okoeroo | 2005-11-11 16:17:00 +0100 (Fri, 11 Nov 2005) | 6 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
First certificate verify executed correctly. Not the chain yet, just the certificate against the CRLs and CAs.
Need to build:
- all the checks needed to verify a proxy
- need to verify the CA cert itself
- need to verify VOMS extensions
------------------------------------------------------------------------
r7260 | okoeroo | 2005-11-09 00:35:33 +0100 (Wed, 09 Nov 2005) | 5 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
This version has the untested but building version of the verify proxy module
which doesn't need any Globus stuff anymore, because we can extract/(re)create
from the LCMAPS framework and each module can get a stackof(x509) or just the x509.
It is cool to be working at a very low level without all these dependancies.
------------------------------------------------------------------------
r7257 | okoeroo | 2005-11-08 16:24:40 +0100 (Tue, 08 Nov 2005) | 3 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
changed a lot of stuff, mainly pulling out the jobrep stuff and adding the needed stuff to verify a proxy
ow ... and it builds
------------------------------------------------------------------------
r7200 | okoeroo | 2005-11-04 16:52:16 +0100 (Fri, 04 Nov 2005) | 2 lines
Changed paths:
M /trunk/lcmaps-plugins-verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/build.xml
M /trunk/lcmaps-plugins-verify-proxy/configure.ac
D /trunk/lcmaps-plugins-verify-proxy/org.glite.subsystem_template.component_template
M /trunk/lcmaps-plugins-verify-proxy/project/configure.properties.xml
M /trunk/lcmaps-plugins-verify-proxy/project/properties.xml
M /trunk/lcmaps-plugins-verify-proxy/src/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
M /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/gssapi_openssl.h
Why do I need this?
------------------------------------------------------------------------
r7199 | okoeroo | 2005-11-04 16:38:29 +0100 (Fri, 04 Nov 2005) | 2 lines
Changed paths:
A /trunk/lcmaps-plugins-verify-proxy
A /trunk/lcmaps-plugins-verify-proxy/Doxyfile
A /trunk/lcmaps-plugins-verify-proxy/LICENSE
A /trunk/lcmaps-plugins-verify-proxy/Makefile.am
A /trunk/lcmaps-plugins-verify-proxy/bootstrap
A /trunk/lcmaps-plugins-verify-proxy/build.xml
A /trunk/lcmaps-plugins-verify-proxy/configure.ac
A /trunk/lcmaps-plugins-verify-proxy/org.glite.subsystem_template.component_template
A /trunk/lcmaps-plugins-verify-proxy/org.glite.subsystem_template.component_template/LICENSE
A /trunk/lcmaps-plugins-verify-proxy/org.glite.subsystem_template.component_template/build.xml
A /trunk/lcmaps-plugins-verify-proxy/org.glite.subsystem_template.component_template/project
A /trunk/lcmaps-plugins-verify-proxy/org.glite.subsystem_template.component_template/project/build.number
A /trunk/lcmaps-plugins-verify-proxy/org.glite.subsystem_template.component_template/project/build.properties
A /trunk/lcmaps-plugins-verify-proxy/org.glite.subsystem_template.component_template/project/configure.properties.xml
A /trunk/lcmaps-plugins-verify-proxy/org.glite.subsystem_template.component_template/project/properties.xml
A /trunk/lcmaps-plugins-verify-proxy/org.glite.subsystem_template.component_template/project/version.properties
A /trunk/lcmaps-plugins-verify-proxy/project
A /trunk/lcmaps-plugins-verify-proxy/project/build.number
A /trunk/lcmaps-plugins-verify-proxy/project/build.properties
A /trunk/lcmaps-plugins-verify-proxy/project/configure.properties.xml
A /trunk/lcmaps-plugins-verify-proxy/project/properties.xml
A /trunk/lcmaps-plugins-verify-proxy/project/version.properties
A /trunk/lcmaps-plugins-verify-proxy/runautotools
A /trunk/lcmaps-plugins-verify-proxy/src
A /trunk/lcmaps-plugins-verify-proxy/src/Makefile.am
A /trunk/lcmaps-plugins-verify-proxy/src/lcmaps_config.h.in
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/Makefile.am
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/gssapi_openssl.h
A /trunk/lcmaps-plugins-verify-proxy/src/verify-proxy/lcmaps_verify_proxy.c
New plugin to the LCMAPS framework that will verify a certificate chain
------------------------------------------------------------------------
|
