author | Dr. Stephen Henson <steve@openssl.org> | 1999-11-26 00:27:07 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-11-26 00:27:07 +0000 |
commit | d4cec6a13dfb2c1d1ddf66dff499aaf21bbbf002 (patch) | |
tree | 4ee543a5413ad1df09e71f97cb69dfe2b48c12da /CHANGES | |
parent | 1126239111a89c52d301c3439d20dc0fd61649c2 (diff) |
New options to the -verify program which can be used for chain verification.
Extend the X509_PURPOSE structure to include shortnames for purposes and default
trust ids.
Still need some extendable trust checking code and integration with the SSL and
S/MIME code.
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 16 |
1 files changed, 11 insertions, 5 deletions
@@ -7,15 +7,21 @@ *) Very preliminary certificate chain verify code. Currently just tests the untrusted certificates for consistency with the verify purpose (which is set when the X509_STORE_CTX structure is set up) and checks - the pathlength. Totally untested at present: needs some extra - functionality in the verify program first. There is a - NO_CHAIN_VERIFY compilation option to keep the old behaviour: this is - because when it is finally working it will reject chains with - invalid extensions whereas before it made no checks at all. + the pathlength. There is a NO_CHAIN_VERIFY compilation option to keep + the old behaviour: this is because when it is finally working it will + reject chains with invalid extensions whereas before it made no checks + at all. + + Still needs some trust checking code. Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions which should be used for version portability: especially since the verify structure is likely to change more often now. + + Two new options to the verify program: -untrusted allows a set of + untrusted certificates to be passed in and -purpose which sets the + intended purpose of the certificate. If a purpose is set then the + new chain verify code is used to check extension consistency. [Steve Henson] *) Support for the authority information access extension. |
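Review bot: In the added paragraph on the two new verify options, the sentence "If a purpose is set then the new chain verify code is used to check extension consistency" implies that a run without -purpose still performs no extension checks, and the entry should say so explicitly so that a successful result from the default invocation is not read as a checked chain. The same entry now drops "Totally untested at present" but keeps "when it is finally working" and adds "Still needs some trust checking code", so it would help to state in one place what a pass with -purpose does cover today (extension consistency and pathlength on the untrusted certificates) and what it does not (trust checking). The description of -untrusted could also say what form the set of certificates takes and that they are used only as chain candidates, not as trusted roots, if that is the intent.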