Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
db28aa86
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
db28aa86
编写于
2月 25, 2010
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
add -trusted_first option and verify flag
上级
2da2ff50
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
23 addition
and
0 deletion
+23
-0
CHANGES
CHANGES
+4
-0
apps/apps.c
apps/apps.c
+2
-0
crypto/x509/x509_vfy.c
crypto/x509/x509_vfy.c
+15
-0
crypto/x509/x509_vfy.h
crypto/x509/x509_vfy.h
+2
-0
未找到文件。
CHANGES
浏览文件 @
db28aa86
...
...
@@ -4,6 +4,10 @@
Changes between 1.0.0 and 1.1.0 [xx XXX xxxx]
*) Add -trusted_first option which attempts to find certificates in the
trusted store even if an untrusted chain is also supplied.
[Steve Henson]
*) Initial experimental support for explicitly trusted non-root CAs.
OpenSSL still tries to build a complete chain to a root but if an
intermediate CA has a trust setting included that is used. The first
...
...
apps/apps.c
浏览文件 @
db28aa86
...
...
@@ -2333,6 +2333,8 @@ int args_verify(char ***pargs, int *pargc,
flags
|=
X509_V_FLAG_NOTIFY_POLICY
;
else
if
(
!
strcmp
(
arg
,
"-check_ss_sig"
))
flags
|=
X509_V_FLAG_CHECK_SS_SIGNATURE
;
else
if
(
!
strcmp
(
arg
,
"-trusted_first"
))
flags
|=
X509_V_FLAG_TRUSTED_FIRST
;
else
return
0
;
...
...
crypto/x509/x509_vfy.c
浏览文件 @
db28aa86
...
...
@@ -215,6 +215,21 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
/* If we are self signed, we break */
if
(
cert_self_signed
(
x
))
break
;
/* If asked see if we can find issuer in trusted store first */
if
(
ctx
->
param
->
flags
&
X509_V_FLAG_TRUSTED_FIRST
)
{
ok
=
ctx
->
get_issuer
(
&
xtmp
,
ctx
,
x
);
if
(
ok
<
0
)
return
ok
;
/* If successful for now free up cert so it
* will be picked up again later.
*/
if
(
ok
>
0
)
{
X509_free
(
xtmp
);
break
;
}
}
/* If we were passed a cert chain, use it first */
if
(
ctx
->
untrusted
!=
NULL
)
...
...
crypto/x509/x509_vfy.h
浏览文件 @
db28aa86
...
...
@@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
#define X509_V_FLAG_USE_DELTAS 0x2000
/* Check selfsigned CA signature */
#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
/* Use trusted store first */
#define X509_V_FLAG_TRUSTED_FIRST 0x8000
#define X509_VP_FLAG_DEFAULT 0x1
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录