Age | Commit message | Author |
|
|
|
BTLS uses a different format and naming scheme for the local certificate store.
Before using BTLS for the first time on desktop, you need to convert the local
certificate store by either using the new `btls-cert-sync` tool (which will convert
your existing certificate store to the new format) or `cert-sync` with the
`--btls` argument.
The new format and naming scheme is identical to what you'll find in
'/system/etc/security/cacerts/' on an Android device. It stores the certificates
in PEM format (with a human-readable text section added) using filenames which
are based on the certificate's subject name hash.
Previously, Mono stored the certificates in binary DER format, using a filename
based on either the Subject-Key-Identifier (if available) or the thumbprint.
We cannot access this from BTLS because computing these filenames requires
reading the entire X509 certificate (including the X509v3 extensions), but
their native lookup code only gives us the SubjectName.
This transition won't affect Android users as we're using the system
certificate store (including the user certificate store, via a Java callback).
* Mono.Security.X509.X509Store and X509Stores:
Support both the old and the new format. Using the new format requires BTLS.
* Mono.Security.X509.X509StoreManager:
Add `NewCurrentUserPath` and `NewLocalMachinePath` properties for the
new path names (~/.config/.mono/new-certs).
* Mono.Security.X509.X509StoreManager:
Add `NewCurrentUser` and `NewLocalMachine` properties. Requires BTLS.
* tools/security/cert-sync:
Add new `--btls` argument to use the new store.
|
|
* X509CRL.cs: Expose the Hash and RawData properties to make it easier
to support CRL into stores.
* X509Store.cs: Add support to Import and Remove CRL from stores.
Refactor the code to get unique identifiers.
* X509Stores.cs: Change default, for Open, to stores that support
CRLs.
svn path=/trunk/mcs/; revision=69035
|
|
* X509Store.cs: Add new Open method to access any certificate store
by any names (required to support 2.0 features).
svn path=/trunk/mcs/; revision=68346
|
|
svn path=/trunk/mcs/; revision=46562
|
|
svn path=/trunk/mcs/; revision=30348
|
|
* PKCS12.cs: FxCop-ized. CLS compliance.
* X501Name.cs: FxCop-ized.
* X509Builder.cs: FxCop-ized. Replaced Array.Copy with
Buffer.BlockCopy.
* X509CRL.cs: FxCop-ized. Replaced Array.Copy with Buffer.BlockCopy.
* X509Certificate.cs: FxCop-ized. Replaced Array.Copy with
Buffer.BlockCopy. Removed unused private method GetHash.
* X509CertificateBuilder.cs: Adjusted with changes. Replaced
Array.Copy with Buffer.BlockCopy.
* X509CertificateCollection.cs: Added INSIDE_CORLIB as the class is
shared with corlib assembly.
* X509Chain.cs: FxCop-ized. Removed old ITrustAnchor support.
* X509ChainStatusFlags.cs: Added missing [Flags].
* X509Extension.cs: FxCop-ized. Added Equals, GetHashCode methods.
* X509Extensions.cs: FxCop-ized. Sealed class, renamed to
X509ExtensionCollection and inherit from CollectionBase. Added missing
methods.
* X509Store.cs: FxCop-ized.
* X509StoreManager.cs: FxCop-ized. Sealed class.
* X509Stores.cs: Added INSIDE_CORLIB as the class is shared with
corlib assembly.
svn path=/trunk/mcs/; revision=25861
|
|
* X509CRL.cs: New. Certificate Revocation List v1/v2 support.
* X509Store.cs: New. Manages each individual store (with or
without CRL support).
* X509StoreManager.cs: New. Certificate Store Manager to access
user and machine stores and to merge them when required.
* X509Stores.cs: New. Certificate stores group for either the
current user or the local machine.
svn path=/trunk/mcs/; revision=23377
|