- 16 4月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
When looking for an extension we need to set the last found position to -1 to properly search all extensions. PR#3309.
-
- 15 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
The modification to the OCSP helper purpose breaks normal OCSP verification. It is no longer needed now we can trust partial chains.
-
- 08 12月, 2012 1 次提交
-
-
由 Ben Laurie 提交于
-
- 07 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Use -1 to check all extensions in CRLs. Always set flag for freshest CRL.
-
- 26 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 25 2月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
as issuer and subject names. Although this is an incompatible change it should have little impact in pratice because self-issued certificates that are not self-signed are rarely encountered.
-
- 24 2月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 06 11月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 22 10月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
with the appropriate parameters which calls OBJ_bsearch(). A compiler will typically inline this. This avoids the need for cmp_xxx variables and fixes unchecked const issues with CHECKED_PTR_OF()
-
- 12 10月, 2008 1 次提交
-
-
由 Ben Laurie 提交于
-
- 01 9月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
a delta CRL in addition to a full CRL. Check and search delta in addition to the base.
-
- 29 8月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Tidy CRL scoring system. Add new CRL path validation error.
-
- 12 8月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Delete X509_POLICY_REF code. Fix handling of invalid policy extensions to return the correct error. Add command line option to inhibit policy mappings.
-
- 08 8月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
TODO: robustness checking on name forms.
-
- 04 8月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
fields.
-
- 13 7月, 2008 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
Ignore self issued certificates when checking path length constraints. Duplicate OIDs in policy tree in case they are allocated. Use anyPolicy from certificate cache and not current tree level.
-
- 19 12月, 2006 1 次提交
-
-
由 Nils Larsch 提交于
-
- 06 12月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 27 11月, 2006 1 次提交
-
-
由 Ben Laurie 提交于
-
- 15 9月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
handling to support this.
-
- 24 7月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 13 2月, 2006 1 次提交
-
-
由 Ulf Möller 提交于
and response verification. Submitted by: Zoltan Glozik <zglozik@opentsa.org> Reviewed by: Ulf Moeller
-
- 10 4月, 2005 1 次提交
-
-
由 Richard Levitte 提交于
a security threat on unexpecting applications. Document and test.
-
- 28 12月, 2004 1 次提交
-
-
由 Richard Levitte 提交于
-
- 03 12月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 30 11月, 2004 1 次提交
-
-
由 Richard Levitte 提交于
check_ca(), to resolve constness issue. check_ca() is called from the purpose checkers instead of X509_check_ca(), since the stuff done by the latter (except for calling check_ca()) is also done by X509_check_purpose().
-
- 29 11月, 2004 1 次提交
-
-
由 Richard Levitte 提交于
CA setting in each certificate on the chain is correct. As a side- effect always do the following basic checks on extensions, not just when there's an associated purpose to the check: - if there is an unhandled critical extension (unless the user has chosen to ignore this fault) - if the path length has been exceeded (if one is set at all) - that certain extensions fit the associated purpose (if one has been given)
-
- 06 3月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in CRL issuer certificates. Reject CRLs with unhandled (any) critical extensions.
-
- 30 10月, 2003 1 次提交
-
-
由 Geoff Thorpe 提交于
I have tried to convert 'len' type variable declarations to unsigned as a means to address these warnings when appropriate, but when in doubt I have used casts in the comparisons instead. The better solution (that would get us all lynched by API users) would be to go through and convert all the function prototypes and structure definitions to use unsigned variables except when signed is necessary. The proliferation of (signed) "int" for strictly non-negative uses is unfortunate.
-
- 29 1月, 2003 1 次提交
-
-
由 Richard Levitte 提交于
Notified privately to me by Peter Sylvester <Peter.Sylvester@EdelWeb.fr>, one of the authors of said RFC
-
- 28 1月, 2002 1 次提交
-
-
由 Bodo Möller 提交于
[See Message-ID: <3BB07999.30432AD2@celocom.com> Date: Tue, 25 Sep 2001 13:33:29 +0100 From: Dr S N Henson <drh@celocom.com> To: openssl-dev@openssl.org Subject: Re: Error in v3_purp.c ]
-
- 26 1月, 2002 1 次提交
-
-
由 Richard Levitte 提交于
making X509_check_issued() properly match an issuer that's found in a Authority Key Identifier.
-
- 21 10月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reject certificates with unhandled critical extensions.
-
- 10 5月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Purpose and trust setting functions for X509_STORE. Tidy existing code.
-
- 20 2月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. I've checked fairly well that nothing breaks with this (apart from external software that will adapt if they have used something like NO_KRB5), but I can't guarantee it completely, so a review of this change would be a good thing.
-
- 01 2月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
certificates. One is a valid CA which has no basicConstraints but does have certSign keyUsage. Other is S/MIME signer with nonRepudiation but no digitalSignature.
-
- 17 1月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Initial OCSP certificate verify. Not complete, it just supports a "trusted OCSP global root CA".
-
- 09 12月, 2000 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Merge from the ASN1 branch of new ASN1 code to main trunk. Lets see if the makes it to openssl-cvs :-)
-
- 06 9月, 2000 1 次提交
-
-
由 Dr. Stephen Henson 提交于
The old code was painfully primitive and couldn't handle distinct certificates using the same subject name. The new code performs several tests on a candidate issuer certificate based on certificate extensions. It also adds several callbacks to X509_VERIFY_CTX so its behaviour can be customised. Unfortunately some hackery was needed to persuade X509_STORE to tolerate this. This should go away when X509_STORE is replaced, sometime... This must have broken something though :-(
-