- 06 2月, 2015 1 次提交
-
-
由 Rich Salz 提交于
The mkstack.pl script now generates the entire safestack.h file. It generates output that follows the coding style. Also, removed all instances of the obsolete IMPLEMENT_STACK_OF macro. Reviewed-by: NAndy Polyakov <appro@openssl.org>
-
- 27 1月, 2015 2 次提交
-
-
由 Rich Salz 提交于
Remove OPENSSL_NO_RFCF3779. Also, makevms.com was ignored by some of the other cleanups, so I caught it up. Sorry I ignored you, poor little VMS... Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Rich Salz 提交于
The following compile options (#ifdef's) are removed: OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY This diff is big because of updating the indents on preprocessor lines. Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
- 22 1月, 2015 3 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 06 1月, 2015 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org>
-
- 09 9月, 2014 1 次提交
-
-
由 Paul Suhler 提交于
Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
-
- 16 8月, 2014 1 次提交
-
-
由 Rich Salz 提交于
Add a declaration for get_issuer_sk() so that other functions in x509_vf.c could use it. (Planned work around cross-certification chains.) Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 07 7月, 2014 1 次提交
-
-
由 Viktor Dukhovni 提交于
Reduces number of silly casts in OpenSSL code and likely most applications. Consistent with (char *) for "peername" value from X509_check_host() and X509_VERIFY_PARAM_get0_peername().
-
- 05 7月, 2014 1 次提交
-
-
由 Viktor Dukhovni 提交于
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host(). Document modified interface.
-
- 23 6月, 2014 5 次提交
-
-
由 Viktor Dukhovni 提交于
-
由 Viktor Dukhovni 提交于
-
由 Viktor Dukhovni 提交于
Implemented as STACK_OF(OPENSSL_STRING).
-
由 Viktor Dukhovni 提交于
-
由 Viktor Dukhovni 提交于
Just store NUL-terminated strings. This works better when we add support for multiple hostnames.
-
- 25 5月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
When looking for the issuer of a certificate, if current candidate is expired, continue looking. Only return an expired certificate if no valid certificates are found. PR#3359
-
由 Dr. Stephen Henson 提交于
-
- 21 5月, 2014 1 次提交
-
-
由 Viktor Dukhovni 提交于
Fixes to host checking wild card support and add support for setting host checking flags when verifying a certificate chain.
-
- 04 3月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit bdfc0e284c89dd5781259cc19aa264aded538492)
-
- 14 2月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
When a chain is complete and ends in a trusted root checks are also performed on the TA and the callback notified with ok==1. For consistency do the same for chains where the TA is not self signed.
-
由 Dr. Stephen Henson 提交于
-
- 10 1月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 13 12月, 2013 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Move the IP, email and host checking fields from the public X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID structure. By doing this the structure can be modified in future without risk of breaking any applications. (cherry picked from commit adc6bd73e3bd10ce6e76867482e8d137071298d7) Conflicts: crypto/x509/x509_vpm.c
-
由 Dr. Stephen Henson 提交于
For consistency with other cases if we are performing partial chain verification with just one certificate notify the callback with ok==1. (cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)
-
- 09 9月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
When verifying a partial path always check to see if the EE certificate is explicitly trusted: the path could contain other untrusted certificates.
-
- 13 7月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
PR #3090 Reported by: Franck Youssef <fry@open.ch> If no new reason codes are obtained after checking a CRL exit with an error to avoid repeatedly checking the same CRL. This will only happen if verify errors such as invalid CRL scope are overridden in a callback.
-
- 07 1月, 2013 1 次提交
-
-
由 Ben Laurie 提交于
-
- 22 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
the trust store.
-
- 14 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
trusted store instead of the default which is to return an error if we can't build the complete chain.
-
- 07 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Use -1 to check all extensions in CRLs. Always set flag for freshest CRL.
-
- 06 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add new verify options to set checks. Remove previous -check* commands from s_client and s_server.
-
- 05 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 03 8月, 2012 2 次提交
-
-
由 Dr. Stephen Henson 提交于
New function X509_chain_up_ref to dup and up the reference count of a STACK_OF(X509): replace equivalent functionality in several places by the equivalent call.
-
由 Dr. Stephen Henson 提交于
-
- 05 3月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 23 9月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de> Reviewed by: steve Handle timezones correctly in UTCTime.
-
- 06 9月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
produce an error (CVE-2011-3207)
-
- 26 12月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 02 11月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed by: steve If store is NULL set flags correctly.
-