Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-02-13 | pki: T6034: add OpenSSH key support | Christian Breunig | |
set pki openssh rpki private key ... set pki openssh rpki public key ... set pki openssh rpki public type 'ssh-rsa' (cherry picked from commit 8c78ef0879f22ffd4a5f7fdb175e9109b46e9d7b) | |||
2023-08-09 | pki: T5273: add a certificate fingerprint command | Daniil Baturin | |
2022-06-29 | openvpn: T4485: Update PKI migrator to handle full CA chain migration | sarthurdev | |
* Also determines and maps to correct CA for migrated CRL | |||
2022-06-29 | openvpn: T4485: Accept multiple `tls ca-certificate` values | sarthurdev | |
2022-05-30 | pki: T3642: Add ability to import files into PKi configuration | sarthurdev | |
2022-02-17 | pki: eapol: T4245: Add full CA and client cert chains to wpa_supplicant PEM ↵ | Andrew Gunnerson | |
files This commit updates the eapol code so that it writes the full certificate chains for both the specified CA and the client certificate to `<iface>_ca.pem` and `<iface>_cert.pem`, respectively. The full CA chain is necessary for validating the incoming server certificate when it is signed by an intermediate CA and the intermediate CA cert is not included in the EAP-TLS ServerHello. In this scenario, wpa_supplicant needs to have both the intermediate CA and the root CA in its `ca_file`. Similarly, the full client certificate chain is needed when the ISP expects/requires that the client (wpa_supplicant) sends the client cert + the intermediate CA (or even + the root CA) as part of the EAP-TLS ClientHello. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com> | |||
2021-07-21 | pki: openvpn: T3642: Migrate OpenVPN to PKI and refactor | sarthurdev | |
2021-07-05 | pki: T3642: Support for adding SANs on certificate requests | sarthurdev | |
2021-07-04 | pki: T3642: Add standard extensions to generated certificates | sarthurdev | |
2021-06-29 | pki: T3642: New PKI config and management | sarthurdev | |