Commits · master · ai / cam

20 Oct, 2016 1 commit
- ci: initial configuration · 3615ae22
  ale authored Oct 20, 2016
  
  3615ae22
13 Jun, 2015 1 commit
- add --password option for the CA password · 190268ac
  ale authored Jun 13, 2015
  
  190268ac
29 Apr, 2015 1 commit

don't copy issuer to authorityKeyIdentifier · 29c8be70

godog authored Apr 29, 2015

issuer contains the CA' serial number, thus making CA rollover trickier (you'd
need to issue a new cert with the same serial). Having only keyid allows for
easier CA rollover.

29c8be70

09 Apr, 2015 5 commits
- remove useless -keyfile, read from config · e6a32284
  godog authored Apr 09, 2015
  
  e6a32284
- fix tests · e0d9a42e
  godog authored Apr 09, 2015
  
  e0d9a42e
- restrict tox to python2.7 · 92f665c0
  godog authored Apr 09, 2015
```
mox isn't python3 ready (syntax error) thus restrict to 2
```
  92f665c0
- run 2to3 and fix import ConfigParser · f92c8c99
  godog authored Apr 09, 2015
  
  f92c8c99
- fix _getpw() usage and pass password over stdin · f10dc3c2
  godog authored Apr 08, 2015
```
don't put the CA password on the command line, pass it in to openssl via stdin
```
  f10dc3c2
08 Apr, 2015 3 commits
- create CA private key if not found · aec84c5c
  godog authored Apr 08, 2015
  
  aec84c5c
- cleanup · f48c2e88
  godog authored Apr 08, 2015
  
  f48c2e88
- fix unique_subject section · 5040a5b2
  godog authored Apr 08, 2015
  
  5040a5b2
07 Oct, 2014 3 commits

add ca.verify tests · 9a961f60
godog authored Oct 07, 2014

9a961f60
add 'verify' subcommand · d439174a
godog authored Oct 07, 2014

d439174a

allow CA public key renewal · 99d387f6

godog authored Oct 07, 2014

setting unique_subject = no allows for key rollovers:

if the value yes is given, the valid certificate entries in the database must
have unique subjects. if the value no is given, several valid certificate
entries may have the exact same subject. The default value is yes, to be
compatible with older (pre 0.9.8) versions of OpenSSL. However, to make CA
certificate roll-over easier, it's recommended to use the value no,
especially if combined with the -selfsign command line option.

99d387f6

27 Sep, 2014 7 commits
- split commands into their own functions; improve logging and error reporting · 87fb6e3e
  ale authored Sep 27, 2014
  
  87fb6e3e
- extend the documentation a bit · d82b2c9a
  ale authored Sep 27, 2014
  
  d82b2c9a
- switch the digest default to SHA2 · da1f62a6
  ale authored Sep 27, 2014
  
  da1f62a6
- use the specified digest for the CSR · 537b055e
  ale authored Sep 27, 2014
  
  537b055e
- add .gitignore · 9a09fbbb
  ale authored Sep 27, 2014
  
  9a09fbbb
- add Tox config · dbd0114f
  ale authored Sep 27, 2014
  
  dbd0114f
- give README a proper file extension so that it renders correctly · 8230dab1
  ale authored Sep 27, 2014
  
  8230dab1
17 Aug, 2014 1 commit
- made signature algorithm configurable · 7e4567f1
  ale authored Aug 17, 2014
  
  7e4567f1
07 Feb, 2014 1 commit
- always revoke the certificate, even if it is already expired · 09eeaa8a
  ale authored Feb 07, 2014
  
  09eeaa8a
29 Dec, 2013 2 commits
- allow specifying nsCertType in config · 2397de7d
  ale authored Dec 29, 2013
  
  2397de7d
- add missing package_data · ad5c70b1
  ale authored Dec 29, 2013
  
  ad5c70b1
10 Dec, 2012 2 commits
- always regenerate the CA config file if necessary · 790d363e
  ale authored Dec 10, 2012
  
  790d363e
- ensure that the generated CRL is in DER format · 85e20677
  ale authored Dec 10, 2012
  
  85e20677
09 Dec, 2012 2 commits
- removed NS Comment attribute · ff933c36
  ale authored Dec 09, 2012
  
  ff933c36
- remove obsolete Netscape Revocation url attributes · 0209d54d
  ale authored Dec 09, 2012
  
  0209d54d
17 Nov, 2012 1 commit
- support relocatable ca roots · 6c830753
  ale authored Nov 17, 2012
  
  6c830753
08 Feb, 2012 3 commits
- dump certs on stderr · d9876b86
  ale authored Feb 08, 2012
  
  d9876b86
- correctly set the email as subjectAltName of the CA certificate only; do not add it to the DN · d81c4cdb
  ale authored Feb 08, 2012
  
  d81c4cdb
- add a full integration test via main() · a3143f42
  ale authored Feb 08, 2012
  
  a3143f42
06 Feb, 2012 3 commits
- print expiration dates in the "list" command · 1c063489
  ale authored Feb 06, 2012
  
  1c063489
- add the "fp" command to dump fingerprints; minor fixes to the help doc · f054c992
  ale authored Feb 06, 2012
  
  f054c992
- upgrade to CAM v2.0 · 112c04e3
  ale authored Feb 06, 2012
  
  112c04e3
15 Dec, 2006 1 commit
- re-added the '-selfsign' option so that at least the 'newca' command works with openssl 0.9.8 · de74ecfb
  ale authored Dec 15, 2006
  
  de74ecfb
07 Dec, 2006 3 commits
- fixed issue #1 - cam library path now has precedence · 171e524a
  ale authored Dec 07, 2006
  
  171e524a
- fixed previous commit: one -selfsign option was left · 109a82c8
  ale authored Dec 07, 2006
  
  109a82c8
- dropped -selfsign option; revoke certificates that are re-generated but not expired; fixes · 922a15c7
  ale authored Dec 07, 2006
  
  922a15c7