stack/cam.git
10 years agoadd 'verify' subcommand
godog [Tue, 7 Oct 2014 22:25:39 +0000 (23:25 +0100)]
add 'verify' subcommand

10 years agoallow CA public key renewal
godog [Tue, 7 Oct 2014 21:30:48 +0000 (22:30 +0100)]
allow CA public key renewal

setting unique_subject = no allows for key rollovers:

  if the value yes is given, the valid certificate entries in the database must
  have unique subjects. if the value no is given, several valid certificate
  entries may have the exact same subject. The default value is yes, to be
  compatible with older (pre 0.9.8) versions of OpenSSL. However, to make CA
  certificate roll-over easier, it's recommended to use the value no,
  especially if combined with the -selfsign command line option.

10 years agosplit commands into their own functions; improve logging and error reporting
ale [Sat, 27 Sep 2014 09:49:06 +0000 (10:49 +0100)]
split commands into their own functions; improve logging and error reporting

10 years agoextend the documentation a bit
ale [Sat, 27 Sep 2014 09:23:57 +0000 (10:23 +0100)]
extend the documentation a bit

10 years agoswitch the digest default to SHA2
ale [Sat, 27 Sep 2014 08:35:00 +0000 (09:35 +0100)]
switch the digest default to SHA2

10 years agouse the specified digest for the CSR
ale [Sat, 27 Sep 2014 08:32:33 +0000 (09:32 +0100)]
use the specified digest for the CSR

10 years agoadd .gitignore
ale [Sat, 27 Sep 2014 08:24:27 +0000 (09:24 +0100)]
add .gitignore

10 years agoadd Tox config
ale [Sat, 27 Sep 2014 08:24:09 +0000 (09:24 +0100)]
add Tox config

10 years agogive README a proper file extension so that it renders correctly
ale [Sat, 27 Sep 2014 08:18:49 +0000 (09:18 +0100)]
give README a proper file extension so that it renders correctly

10 years agomade signature algorithm configurable
ale [Sun, 17 Aug 2014 16:20:26 +0000 (17:20 +0100)]
made signature algorithm configurable

10 years agoalways revoke the certificate, even if it is already expired
ale [Fri, 7 Feb 2014 18:56:50 +0000 (18:56 +0000)]
always revoke the certificate, even if it is already expired

10 years agoallow specifying nsCertType in config
ale [Sun, 29 Dec 2013 16:55:56 +0000 (16:55 +0000)]
allow specifying nsCertType in config

10 years agoadd missing package_data
ale [Sun, 29 Dec 2013 15:54:12 +0000 (15:54 +0000)]
add missing package_data

12 years agoalways regenerate the CA config file if necessary
ale [Mon, 10 Dec 2012 20:14:37 +0000 (20:14 +0000)]
always regenerate the CA config file if necessary

12 years agoensure that the generated CRL is in DER format
ale [Mon, 10 Dec 2012 19:51:32 +0000 (19:51 +0000)]
ensure that the generated CRL is in DER format

12 years agoremoved NS Comment attribute
ale [Sun, 9 Dec 2012 19:03:47 +0000 (19:03 +0000)]
removed NS Comment attribute

12 years agoremove obsolete Netscape Revocation url attributes
ale [Sun, 9 Dec 2012 19:02:56 +0000 (19:02 +0000)]
remove obsolete Netscape Revocation url attributes

12 years agosupport relocatable ca roots
ale [Sat, 17 Nov 2012 12:49:56 +0000 (12:49 +0000)]
support relocatable ca roots

12 years agodump certs on stderr
ale [Wed, 8 Feb 2012 11:13:48 +0000 (11:13 +0000)]
dump certs on stderr

12 years agocorrectly set the email as subjectAltName of the CA certificate only; do not add...
ale [Wed, 8 Feb 2012 11:13:28 +0000 (11:13 +0000)]
correctly set the email as subjectAltName of the CA certificate only; do not add it to the DN

12 years agoadd a full integration test via main()
ale [Wed, 8 Feb 2012 10:27:22 +0000 (10:27 +0000)]
add a full integration test via main()

12 years agoprint expiration dates in the "list" command
ale [Mon, 6 Feb 2012 19:55:14 +0000 (19:55 +0000)]
print expiration dates in the "list" command

12 years agoadd the "fp" command to dump fingerprints; minor fixes to the help doc
ale [Mon, 6 Feb 2012 19:33:09 +0000 (19:33 +0000)]
add the "fp" command to dump fingerprints; minor fixes to the help doc

12 years agoupgrade to CAM v2.0
ale [Mon, 6 Feb 2012 19:02:45 +0000 (19:02 +0000)]
upgrade to CAM v2.0

18 years agore-added the '-selfsign' option so that at least the 'newca' command works with opens...
ale [Fri, 15 Dec 2006 09:33:39 +0000 (09:33 +0000)]
re-added the '-selfsign' option so that at least the 'newca' command works with openssl 0.9.8

18 years agofixed issue #1 - cam library path now has precedence
ale [Thu, 7 Dec 2006 11:36:05 +0000 (11:36 +0000)]
fixed issue #1 - cam library path now has precedence

18 years agofixed previous commit: one -selfsign option was left
ale [Thu, 7 Dec 2006 11:34:13 +0000 (11:34 +0000)]
fixed previous commit: one -selfsign option was left

18 years agodropped -selfsign option; revoke certificates that are re-generated but not expired...
ale [Thu, 7 Dec 2006 09:39:27 +0000 (09:39 +0000)]
dropped -selfsign option; revoke certificates that are re-generated but not expired; fixes

18 years agofix.
ale [Wed, 2 Aug 2006 01:26:18 +0000 (01:26 +0000)]
fix.

18 years agocheck for existance of configuration file.
ale [Wed, 2 Aug 2006 01:25:52 +0000 (01:25 +0000)]
check for existance of configuration file.

18 years agoimport iniziale
ale [Wed, 2 Aug 2006 01:23:58 +0000 (01:23 +0000)]
import iniziale