diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2001-01-17 01:31:34 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2001-01-17 01:31:34 +0000 |
commit | 81f169e95c86fe9b2c3a7ba51a85f7a00763a0e7 (patch) | |
tree | 9c61e9161ee5332e99d091153a4cd242160b9180 /CHANGES | |
parent | a068630a2038ff167d29cdaed828161719355531 (diff) |
Initial OCSP certificate verify. Not complete,
it just supports a "trusted OCSP global root CA".
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -3,6 +3,16 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) Initial OCSP certificate verification added to OCSP_basic_verify() + and related routines. This uses the standard OpenSSL certificate + verify routines to perform initial checks (just CA validity) and + to obtain the certificate chain. Then additional checks will be + performed on the chain. Currently the root CA is checked to see + if it is explicitly trusted for OCSP signing. This is used to set + a root CA as a global signing root: that is any certificate that + chains to that CA is an acceptable OCSP signing certificate. + [Steve Henson] + *) New '-extfile ...' option to 'openssl ca' for reading X.509v3 extensions from a separate configuration file. As when reading extensions from the main configuration file, |