Commit graph

27 commits

Author SHA1 Message Date
Chris Moos
7bdc9e26f7 GetOCSPCert should fail if there are no OCSP servers in the cert. 2016-02-06 23:19:32 -07:00
Matthew Holt
19ea2cbf75 Fix PEM decoding if file ends with multiple newlines
This method more closely reflects how crypto/tls does it here: https://golang.org/src/crypto/tls/tls.go?s=5139:5210#L174
2016-01-11 10:02:28 -07:00
xenolf
db1a519684 Add the ability to reuse a private key 2016-01-08 10:14:41 +01:00
xenolf
1193ae895a Merge pull request #66 from xenolf/user-agent-string
Implement custom User-Agent string
2016-01-07 04:51:31 +01:00
Matthew Holt
0786c993c9 Return full, parsed ocsp response instead of just the status 2015-12-31 16:07:18 -07:00
Matthew Holt
89908f39e9 Implement custom User-Agent string
Also a couple miscellaneous vet fixes
2015-12-30 15:01:21 -07:00
Mustafa Altun
f3df6b81b2 Fix gofmt errors 2015-12-24 10:57:09 +02:00
xenolf
7789bd2ffc Limit OCSP answers to 1MB.
fixes #56
2015-12-18 22:33:30 +01:00
xenolf
7662cbcec5 Merge pull request #30 from xenolf/add-san-cert
Add SAN certificates - fix #20
2015-11-18 22:07:54 +01:00
xenolf
17576f0626 Update README & Extract KeyAuthorizations from HTTP-01 2015-11-16 23:57:04 +01:00
xenolf
27a8cff3c6 Initial support for SAN certificates 2015-11-11 01:01:15 +01:00
Matthew Holt
2c24056374 Close leaky file descriptors 2015-10-30 15:38:59 -06:00
Matthew Holt
f146acc019 fix panic for situation common with self-signed certs 2015-10-28 21:36:02 -06:00
xenolf
94aeac7b5f Add the OCSP status code to GetOCSPForCert 2015-10-27 23:55:50 +01:00
xenolf
65b62b5670 Make ocsp validate the signature of a response.
OCSP signatures should get validated if no issuer certificate is returned from
the OCSP responder.
2015-10-27 22:31:56 +01:00
xenolf
2afea79309 Fix cert bundle order 2015-10-24 04:31:12 +02:00
xenolf
51a95ee548 Add initial support for certificate bundling 2015-10-24 03:55:18 +02:00
xenolf
d6f4e42b13 Add support for getting OCSP responses for OCSPStapling 2015-10-24 03:46:00 +02:00
xenolf
4d99c9e543 Support for RecoveryKey (not enabled). But not supported server side... 2015-10-23 16:24:02 +02:00
xenolf
dc4125d3cf Change GetCertExpiration to accept PEM encoded certs. 2015-10-19 00:36:25 +02:00
Matt Holt
5d31b0a04c Fix panic 2015-10-17 20:58:14 -06:00
xenolf
7f6f790253 Wrap []byte for DER certificates in its own type. 2015-10-18 03:29:26 +02:00
xenolf
dcdcde03aa Certificates are PEM encoded by default now 2015-10-18 03:10:46 +02:00
xenolf
835927f5d5 Clean-up ugly zero time check 2015-10-18 00:25:46 +02:00
xenolf
3ef08f7413 Add a comment to GetCertExpiration 2015-10-17 22:27:04 +02:00
xenolf
34910bd541 Add a function to check cert expiration dates. 2015-10-16 21:05:16 +02:00
xenolf
b04e5a4aac add crypto.go 2015-06-13 03:57:05 +02:00