- 11 3月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
This reverts commit b98efebe. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11282)
-
- 16 2月, 2020 1 次提交
-
-
由 Kurt Roeckx 提交于
Create a whole chain of Ed488 certificates so that we can use it at security level 4 (192 bit). We had an 2048 bit RSA (112 bit, level 2) root sign the Ed488 certificate using SHA256 (128 bit, level 3). Reviewed-by: NMatt Caswell <matt@openssl.org> GH: #10785 (cherry picked from commit 77c4d3972400adf1bcb76ceea359f5453cc3e8e4)
-
- 06 2月, 2020 1 次提交
-
-
由 Kurt Roeckx 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> GH: #10786 (cherry picked from commit 4d9e8c95544d7a86765e6a46951dbe17b801875a)
-
- 09 8月, 2019 1 次提交
-
-
由 Matt Caswell 提交于
Create a PSS certificate with parameter restrictions Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9553) (cherry picked from commit 39d9ea5e502114a204750f641ca76ff5b4912401)
-
- 12 11月, 2018 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7442) (cherry picked from commit 83c81eebed52aa84b6b34d26e984c859158ca1c0)
-
- 23 5月, 2018 1 次提交
-
-
由 Viktor Dukhovni 提交于
Don't apply DNS name constraints to the subject CN when there's a least one DNS-ID subjectAlternativeName. Don't apply DNS name constraints to subject CN's that are sufficiently unlike DNS names. Checked name must have at least two labels, with all labels non-empty, no trailing '.' and all hyphens must be internal in each label. In addition to the usual LDH characters, we also allow "_", since some sites use these for hostnames despite all the standards. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 26 4月, 2017 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3301)
-
- 12 7月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
subject alternate names. Add nameConstraints tests incluing DNS, IP and email tests both in subject alt name extension and subject name. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 23 6月, 2016 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 21 6月, 2016 1 次提交
-
-
由 Richard Levitte 提交于
This extends 'req' to take more than one DN component, and to take them as full DN components and not just CN values. All other commands are changed to pass "CN = $cn" instead of just a CN value. This adds 'genpc', which differs from the other 'gen*' commands by not calling 'req', and expect the result from 'req' to come through stdin. Finally, test/certs/setup.sh gets the commands needed to generate a few proxy certificates. Reviewed-by: NRich Salz <rsalz@openssl.org> Reviewed-by: NStephen Henson <steve@openssl.org>
-
- 03 4月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
A new X509_VERIFY_PARAM_set_auth_level() function sets the authentication security level. For verification of SSL peers, this is automatically set from the SSL security level. Otherwise, for now, the authentication security level remains at (effectively) 0 by default. The new "-auth_level" verify(1) option is available in all the command-line tools that support the standard verify(1) options. New verify(1) tests added to check enforcement of chain signature and public key security levels. Also added new tests of enforcement of the verify_depth limit. Updated documentation. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 30 3月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Previously, it was sufficient to have certSign in keyUsage when the basicConstraints extension was missing. That is still accepted in a trust anchor, but is no longer accepted in an intermediate CA. Reviewed-by: NRich Salz <rsalz@openssl.org>
-
- 01 2月, 2016 3 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Viktor Dukhovni 提交于
When auxiliary data contains only reject entries, continue to trust self-signed objects just as when no auxiliary data is present. This makes it possible to reject specific uses without changing what's accepted (and thus overring the underlying EKU). Added new supported certs and doubled test count from 38 to 76. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
由 Viktor Dukhovni 提交于
This includes basic constraints, key usages, issuer EKUs and auxiliary trust OIDs (given a trust suitably related to the intended purpose). Added tests and updated documentation. Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 21 1月, 2016 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-