author | Dr. Stephen Henson <steve@openssl.org> | 1999-11-29 22:35:00 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-11-29 22:35:00 +0000 |
commit | bb7cd4e3ebb9c1114b7fb6f6d0e4c280ef984889 (patch) | |
tree | eaaa4cf77dfbc5b6eb6d6e8277fbdfd6cf8c4f28 /CHANGES | |
parent | 13938acecae8f1b455812d0388e2891abd1c096d (diff) |
Remainder of SSL purpose and trust code: trust and purpose setting in
SSL_CTX and SSL, functions to set them and defaults if no values set.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -17,9 +17,8 @@ when the X509_STORE_CTX structure is set up) and checks the pathlength. There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour: - this is because when it is finally working it will reject chains with - invalid extensions whereas every previous version of OpenSSL and SSLeay - made no checks at all. + this is because it will reject chains with invalid extensions whereas + every previous version of OpenSSL and SSLeay made no checks at all. Trust code: checks the root CA for the relevant trust settings. Trust settings have an initial value consistent with the verify purpose: e.g. @@ -32,6 +31,10 @@ which should be used for version portability: especially since the verify structure is likely to change more often now. + SSL integration. Add purpose and trust to SSL_CTX and SSL and functions + to set them. If not set then assume SSL clients will verify SSL servers + and vice versa. + Two new options to the verify program: -untrusted allows a set of untrusted certificates to be passed in and -purpose which sets the intended purpose of the certificate. If a purpose is set then the |
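Review bot: In the first hunk (@@ -17,9 +17,8 @@), the reworded sentence "this is because it will reject chains with invalid extensions" leaves "it" without a clear referent. Read straight after "There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour", it suggests the option does the rejecting, when the rejecting is done by the new chain verification and the option is what switches back to the old behaviour. Suggest naming the subject, for example "this is because the new checks will reject chains with invalid extensions", and saying outright that a build with NO_CHAIN_VERIFY goes back to making no checks at all, so a reader can see what is given up by defining it.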
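Review bot: In the second hunk (@@ -32,6 +31,10 @@), the new "SSL integration" paragraph refers to "functions to set them" without naming any, and gives the default only as "assume SSL clients will verify SSL servers and vice versa". Suggest listing the new function names and stating which purpose and trust values that default corresponds to on each side. An application that never sets them now has its peer's chain checked against that default, and according to the entry in the first hunk chains with invalid extensions are rejected, so the entry should let a reader work out whether an existing deployment is affected.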