Fix minor spelling mistakes Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

libsss_certmap: Accept certificate with data before header According to RFC 7468 parser must not fail when some data are present before the encapsulation boundary. sss_cert_pem_to_der didn't respect this and refused valid input. Changing it's code to first locate the certificate header fixes the issue. Resolves: https://pagure.io/SSSD/sssd/issue/3354 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

UTIL: Fix implicit declaration of function 'htobe32' Include internal wrapper header file for endian related functions. The "util/sss_endian.h" include available header file on different platform or it provides compatible macros in the worst case. Breakage noticed when building SSSD on FreeBSD CC src/util/cert/nss/libsss_cert_la-cert.lo src/util/cert/nss/cert.c: In function 'cert_to_ssh_key': src/util/cert/nss/cert.c:358: error: implicit declaration of function 'htobe32' gmake[2]: *** [Makefile:12421: src/util/cert/nss/libsss_cert_la-cert.lo] Error 1 gmake[2]: Leaving directory '/root/sssd_from_git' gmake[1]: *** [Makefile:20050: all-recursive] Error 1 gmake[1]: Leaving directory '/root/sssd_from_git' gmake: *** [Makefile:7116: all] Error 2 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

cert_to_ssh_key: properly add leading 0 to bignums In the ssh keys a leading 0 is added to the bignums of the RSA modulus and exponent if the leading bit is set to avoid the interpretation as a negative number. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

p11: add OCSP default responder options Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

p11: add no_verification option Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

p11: enable ocsp checks This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option. Resolves https://fedorahosted.org/sssd/ticket/2812 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

ssh: generate public keys from certificate Resolves: https://fedorahosted.org/sssd/ticket/2711 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

utils: add NSS version of cert utils Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>