• V
    Move peer chain security checks into x509_vfy.c · fbb82a60
    Viktor Dukhovni 提交于
    A new X509_VERIFY_PARAM_set_auth_level() function sets the
    authentication security level.  For verification of SSL peers, this
    is automatically set from the SSL security level.  Otherwise, for
    now, the authentication security level remains at (effectively) 0
    by default.
    
    The new "-auth_level" verify(1) option is available in all the
    command-line tools that support the standard verify(1) options.
    
    New verify(1) tests added to check enforcement of chain signature
    and public key security levels.  Also added new tests of enforcement
    of the verify_depth limit.
    
    Updated documentation.
    Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
    fbb82a60
cms.pod 22.6 KB