- 23 6月, 2014 5 次提交
-
-
由 Viktor Dukhovni 提交于
-
由 Viktor Dukhovni 提交于
-
由 Viktor Dukhovni 提交于
Implemented as STACK_OF(OPENSSL_STRING).
-
由 Viktor Dukhovni 提交于
-
由 Viktor Dukhovni 提交于
Just store NUL-terminated strings. This works better when we add support for multiple hostnames.
-
- 25 5月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
When looking for the issuer of a certificate, if current candidate is expired, continue looking. Only return an expired certificate if no valid certificates are found. PR#3359
-
由 Dr. Stephen Henson 提交于
-
- 21 5月, 2014 1 次提交
-
-
由 Viktor Dukhovni 提交于
Fixes to host checking wild card support and add support for setting host checking flags when verifying a certificate chain.
-
- 04 3月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit bdfc0e284c89dd5781259cc19aa264aded538492)
-
- 14 2月, 2014 2 次提交
-
-
由 Dr. Stephen Henson 提交于
When a chain is complete and ends in a trusted root checks are also performed on the TA and the callback notified with ok==1. For consistency do the same for chains where the TA is not self signed.
-
由 Dr. Stephen Henson 提交于
-
- 10 1月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 13 12月, 2013 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Move the IP, email and host checking fields from the public X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID structure. By doing this the structure can be modified in future without risk of breaking any applications. (cherry picked from commit adc6bd73e3bd10ce6e76867482e8d137071298d7) Conflicts: crypto/x509/x509_vpm.c
-
由 Dr. Stephen Henson 提交于
For consistency with other cases if we are performing partial chain verification with just one certificate notify the callback with ok==1. (cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)
-
- 09 9月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
When verifying a partial path always check to see if the EE certificate is explicitly trusted: the path could contain other untrusted certificates.
-
- 13 7月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
PR #3090 Reported by: Franck Youssef <fry@open.ch> If no new reason codes are obtained after checking a CRL exit with an error to avoid repeatedly checking the same CRL. This will only happen if verify errors such as invalid CRL scope are overridden in a callback.
-
- 07 1月, 2013 1 次提交
-
-
由 Ben Laurie 提交于
-
- 22 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
the trust store.
-
- 14 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
trusted store instead of the default which is to return an error if we can't build the complete chain.
-
- 07 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Use -1 to check all extensions in CRLs. Always set flag for freshest CRL.
-
- 06 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add new verify options to set checks. Remove previous -check* commands from s_client and s_server.
-
- 05 12月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 03 8月, 2012 2 次提交
-
-
由 Dr. Stephen Henson 提交于
New function X509_chain_up_ref to dup and up the reference count of a STACK_OF(X509): replace equivalent functionality in several places by the equivalent call.
-
由 Dr. Stephen Henson 提交于
-
- 05 3月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 23 9月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Christoph Viethen <cv@kawo2.rwth-aachen.de> Reviewed by: steve Handle timezones correctly in UTCTime.
-
- 06 9月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
produce an error (CVE-2011-3207)
-
- 26 12月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 02 11月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reviewed by: steve If store is NULL set flags correctly.
-
- 25 2月, 2010 3 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
certificate is explicitly trusted (using -addtrust option to x509 utility for example) the verification is sucessful even if the chain is not complete.
-
- 17 11月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Rob Austein <sra@hactrn.net> Approved by: steve@openssl.org Initialise atm.flags to 0.
-
- 01 11月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
information. Add more informative message to verify callback to indicate when CRL path validation is taking place.
-
- 23 10月, 2009 2 次提交
-
-
由 Dr. Stephen Henson 提交于
for the leaf certificate of a CRL path.
-
由 Dr. Stephen Henson 提交于
-
- 04 9月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 02 9月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: steve@openssl.org Include a flag ASN1_STRING_FLAG_MSTRING when a multi string type is created. This makes it possible to tell if the underlying type is UTCTime, GeneralizedTime or Time when the structure is reused and X509_time_adj_ex() can handle each case in an appropriate manner. Add error checking to CRL generation in ca utility when nextUpdate is being set.
-
- 26 6月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 15 6月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-