user/ragge/catlfish.git/src, branch master Ragges CT repository Fix a bug where verification of EC signatures made us crash. 2015-02-27T00:55:15+00:00 Linus Nordberg linus@nordberg.se 2015-02-27T00:55:15+00:00 b41acdada125a41c40e94177b8ebdc2bb7d130b6 Also, have valid_chain_p return boolean, add some debug logging and detect invalid signature types instead of crashing. 
Also, have valid_chain_p return boolean, add some debug logging and
detect invalid signature types instead of crashing.
Verify that known roots are indeed signing themselves. 2015-02-27T00:51:12+00:00 Linus Nordberg linus@nordberg.se 2015-02-27T00:51:12+00:00 85615c8e621aa16026faf07f01bf0ba0776c191f This filters out certificates with signing algorithms that we can't handle. Also, make unit tests better. 
This filters out certificates with signing algorithms that we can't
handle.

Also, make unit tests better.
Even more debug logging. 2015-02-25T15:22:18+00:00 Linus Nordberg linus@nordberg.se 2015-02-25T15:21:35+00:00 bdfde9547c151588917fd932ecf74377d3c378c3 






Add debug logging.
2015-02-25T15:01:14+00:00

Linus Nordberg
linus@nordberg.se

2015-02-25T15:01:14+00:00

4312e98aad7aaf1d2bc43b3e0ef0ace5a5788c5f

Trying to figure out why public_key:verify isn't found in docker images.





Trying to figure out why public_key:verify isn't found in docker images.







Log time spent serving a request
2015-02-20T13:12:47+00:00

Magnus Ahltorp
map@kth.se

2015-02-02T15:47:01+00:00

4f4a1cb883f53538ee25ba618aeae5d00202166f












Make mochiweb pool size configurable
2015-02-20T13:12:47+00:00

Magnus Ahltorp
map@kth.se

2015-01-29T23:32:15+00:00

5fbbb3e0bf7ea28dc8c5061ccb73fa5827872537












Stop validating that cert.issuer matches issuer.subject.
2015-02-20T11:20:09+00:00

Linus Nordberg
linus@nordberg.se

2015-02-20T11:20:09+00:00

4d2993890fed46c5611735e84d4f737e8c342718

Even canoncalized versions of this data mismatch in otherwise proper
chains. Since we're not here to validate chains for any other reasons
than attribution and spam control, let's stop validate
cert.issuer==candidate.subject. We still verify the cryptographic
chain with signatures of tbsCertificates of course.

Resolves CATLFISH-19.





Even canoncalized versions of this data mismatch in otherwise proper
chains. Since we're not here to validate chains for any other reasons
than attribution and spam control, let's stop validate
cert.issuer==candidate.subject. We still verify the cryptographic
chain with signatures of tbsCertificates of course.

Resolves CATLFISH-19.







Make unit tests work again.
2015-02-19T15:17:01+00:00

Linus Nordberg
linus@nordberg.se

2015-02-19T15:17:01+00:00

7cbbfa7c7e0fba134838c5c9c58d2d3174232882

Makefile target 'check' runs them.





Makefile target 'check' runs them.







Verify certificates by decoding them as 'plain' certs rather than 'otp.
2014-11-18T10:23:59+00:00

Linus Nordberg
linus@nordberg.se

2014-11-18T10:21:15+00:00

5847ef948baeadf4582234f4c3e7ecff2791b4cf

OTP cert validation is too strict. Let's see if this is forgiving
enough for our needs.

Also, move all cert reading from disk to x509.erl.





OTP cert validation is too strict. Let's see if this is forgiving
enough for our needs.

Also, move all cert reading from disk to x509.erl.







Entry hash runs over leaf plus chain.
2014-11-18T09:58:21+00:00

Linus Nordberg
linus@nordberg.se

2014-11-18T09:58:21+00:00

293b1df48c6d376dee0f1f2512486b8a68488a9c

Closes CATLFISH-5.





Closes CATLFISH-5.