open-vault

Author	SHA1	Message	Date
Jeff Mitchell	34f495a354	Refactor to allow only issuing CAs to be set and not have things blow up. This is useful/important for e.g. the Cassandra backend, where you may want to do TLS with a specific CA cert for server validation, but not actually do client authentication with a client cert. Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>	2015-06-18 15:22:58 -04:00
Jeff Mitchell	9e00ca769a	Restructure a little bit to make the helper library fully standalone. This makes it easier to move around later if desired, and for use by external programs. Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>	2015-06-18 06:42:57 -04:00
Jeff Mitchell	29e7ec3e21	A lot of refactoring: move PEM bundle parsing into helper/certutil, so that it is usable by other backends that want to use it to get the necessary data for TLS auth. Also, enhance the raw cert bundle => parsed cert bundle to make it more useful and perform more validation checks. More refactoring could be done within the PKI backend itself, but that can wait. Commit contents (C)2015 Akamai Technologies, Inc. <opensource@akamai.com>	2015-06-17 16:07:20 -04:00