Perform a much more accurate comparison between two certificates to determine if they are identical when checking their revocation status. Fixes #3237
Move variable declaration to the top, declare it global before defining. Fixes #3090
Remove irrelevant comment.
Show cert start/end dates in list.
Allow selecting the digest algorithm when creating a CA or Cert. Implements #2765
Implement certificate chain in Captive Portal
Use Certificate Manager in Captive Portal settings
Add an indication in the certificate list to show if a certificate is internally capable of being a CA (basicConstraints has CA:TRUE) or if the nsCertType is set to server.
When creating an internal certificate, offer the user a choice of what constraints to place upon the certificate (CA, Server, or User).
Specify full path to openssl.cnf, and select the relevant section to use when generating certificates.
Add function to return a certificate's common name.
Import error handling to avoid errors.
Internal cert and CSR creation error handling added.
Internal CA creation error handling added.
Intermediate CAs and openssl_xxx() error checking in CA management.
Merge branch 'master' into yakatz-ssl
Test for array/size before foreach
Various CRL fixes, handle empty internal CRLs better.
If we have deleted the last cert from the CRL, blank out the text.
checking moduli of ssl csr request and response
Allow editing of CAs, so that imported CAs can have their private keys added later (mainly affected users upgrading from 1.2.3 and wanting to use the cert manager). Also, allow editing the CA's serial, since this shouldn't really be 0 for imported CAs, but the serial of the last cert that was made from this CA.
Don't consider a cert as in use by the GUI if it's in HTTP mode. Fixes #1171
Do not use references here when building a ca_chain_array. Really fixes #1231 - CAs are no longer lost when a config write happens at bootup.
Ticket #621. Sort even csr subject to have the matching go ok during import of externally signed cers.
Ticket #621. sort the contents of array used for generating subject by keys so whenever we do subject comparison we will not have problem just because of the array keys ordering.
Fix this code a bit, my first attempt yesterday didn't work properly (this should).
Try to handle when cert subject entries are arrays.
Remove trailing carriage return
Add ability to select reason codes for revocation. Reformat CRL edit screen a bit. Ticket #555
Add more CRL functionality. Needs to wait on a new build for further testing.
Rename 'name' to 'descr' for CA, Certificates, and CRLs, to gain CDATA protection and standardize field names. Ticket #320.
Pass args to openssl_pkey_new() so it gets the key length too. Fixes #905
Properly check if this is in use.
Some fixes/enhancements/cleanup
Prevent a foreach on what might not be an array. Fixes #900
Fix this function's logic/variable tests.
Add some safety belt checks so we don't try to update an imported crl
Add some CRL support functions, not active or used in the GUI yet.
Remove two unused functions (now useless) and add a few more utility functions.
CA/CERT Move
Add some user cert lookup functions.
Allow importing of a CA's private key (optionally).
Perform more strict validation on CA and Cert names before proceeding in the wizard.
Remove uneeded line because openssl module will be already loaded.
Ticket #161. Fix creation of certificates and the webgui one. This was a problem on php API docs.
Ticket #395. Add the path to the openssl.cnf to avoid errors. /etc/ssl/openssl.cnf needs to be tuned more to suit pfSense.
Convert to int so the keylength is respected during sign.
Ticket #161. Seems this does the trick for firefox.
Add pfSense_BUILDER_BINARIES: and pfSense_MODULE: additions
Resolve merge
Merge branch 'master' of git://rcs.pfsense.org/pfsense/nigel-ca-chain into review/master
Conflicts: etc/inc/certs.inc etc/inc/upgrade_config.inc
Found another bug in ca_chain_array.
Fixed a problem in ca_chain that caused a segmentation fault.
Added support for certificate chains to manager so that lighty can deliver them via SSL.
Add validation for the ca configuration array presence. Minor style fixes.
Add validation
Implement a certificate authority and certificate webui that can be usedto centrally manage this data. There are no consumers at this time. Thisinterface allow for the following ...
Certificate Authority Manager:- List certificates authorities- Import existing certificate authority...