diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2010-02-25 00:17:22 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2010-02-25 00:17:22 +0000 |
commit | fbd2164044f92383955a801ad1b2857d71e83f27 (patch) | |
tree | dfd027788b737a91b8103a1b5ae751e695c5d014 /CHANGES | |
parent | 04e4b8272614ab72d313af8d8e6488f8575e175e (diff) |
Experimental support for partial chain verification: if an intermediate
certificate is explicitly trusted (using -addtrust option to x509 utility
for example) the verification is sucessful even if the chain is not complete.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -4,6 +4,16 @@ Changes between 1.0.0 and 1.1.0 [xx XXX xxxx] + *) Initial experimental support for explicitly trusted non-root CAs. + OpenSSL still tries to build a complete chain to a root but if an + intermediate CA has a trust setting included that is used. The first + setting is used: whether to trust or reject. + [Steve Henson] + + *) New -verify_name option in command line utilities to set verification + parameters by name. + [Steve Henson] + *) Initial CMAC implementation. WARNING: EXPERIMENTAL, API MAY CHANGE. Add CMAC pkey methods. [Steve Henson] |