summaryrefslogtreecommitdiffstats
path: root/crypto/x509/x509_vfy.c
AgeCommit message (Expand)Author
2018-10-18Apply self-imposed path length also to root CAsViktor Dukhovni
2018-10-18Only CA certificates can be self-issuedViktor Dukhovni
2018-09-27Merge 1.0.2 setuid calls to getenv(3) safety.Pauli
2018-05-05X509 time: tighten validation per RFC 5280Emilia Kasper
2018-04-19X509_cmp_time: only return 1, 0, -1.Emilia Kasper
2016-09-26Add some sanity checks when checking CRL scoresMatt Caswell
2016-08-03Don't check any revocation info on proxy certificatesRichard Levitte
2016-07-29Fix CRL time comparison.Dr. Stephen Henson
2016-07-22Use newest CRL.Dr. Stephen Henson
2016-06-29Fix proxy certificate pathlength verificationRichard Levitte
2016-06-29Check that the subject name in a proxy cert complies to RFC 3820Richard Levitte
2016-05-19Ensure verify error is set when X509_verify_cert() failsViktor Dukhovni
2016-02-05Fix missing ok=0 with locally blacklisted CAsViktor Dukhovni
2016-01-02Fix X509_STORE_CTX_cleanup()Viktor Dukhovni
2015-09-02Better handling of verify param id peername fieldViktor Dukhovni
2015-08-28GH354: Memory leak fixesAlessandro Ghedini
2015-08-14Fix 1.0.2 build breakRich Salz
2015-08-13GH364: Free memory on an error pathIsmo Puustinen
2015-07-07Reject calls to X509_verify_cert that have not been reinitialisedMatt Caswell
2015-07-07Fix alternate chains certificate forgery issueMatt Caswell
2015-06-11Fix length checks in X509_cmp_time to avoid out-of-bounds reads.Emilia Kasper
2015-05-13Add NULL checks from masterRich Salz
2015-04-29Revert "Fix verify algorithm."Matt Caswell
2015-04-20Fix verify algorithm.Dr. Stephen Henson
2015-04-20Add flag to inhibit checking for alternate certificate chains. Setting thisMatt Caswell
2015-04-20In certain situations the server provided certificate chain may no longer beMatt Caswell
2015-01-22Re-align some comments after running the reformat script.OpenSSL_1_0_2-post-reformatMatt Caswell
2015-01-22Run util/openssl-format-source -v -c .Matt Caswell
2015-01-22Additional comment changes for reformat of 1.0.2Matt Caswell
2015-01-22Further comment amendments to preserve formatting prior to source reformatMatt Caswell
2014-09-08RT2841: Extra return in check_issuedPaul Suhler
2014-07-07Update API to use (char *) for email addresses and hostnamesViktor Dukhovni
2014-07-07Set optional peername when X509_check_host() succeeds.Viktor Dukhovni
2014-07-07One more typo when changing !result to result <= 0Viktor Dukhovni
2014-07-07Fix typo in last commitViktor Dukhovni
2014-07-07Multiple verifier reference identities.Viktor Dukhovni
2014-06-25X509_check_mumble() failure is <= 0, not just 0Viktor Dukhovni
2014-06-25Drop hostlen from X509_VERIFY_PARAM_ID.Viktor Dukhovni
2014-05-21Fixes to host checking.Viktor Dukhovni
2014-03-03For self signed root only indicate one error.Dr. Stephen Henson
2014-02-14Include TA in checks/callback with partial chains.Dr. Stephen Henson
2014-02-14Add cert_self_signed function to simplify verifyDr. Stephen Henson
2014-02-14Simplify X509_STORE_CTX_get1_chain (from master).Dr. Stephen Henson
2014-01-09Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling.Dr. Stephen Henson
2013-12-13Add opaque ID structure.Dr. Stephen Henson
2013-12-13Fix for partial chain notification.Dr. Stephen Henson
2013-09-08Partial path fix.Dr. Stephen Henson
2013-08-06Fix verify loop with CRL checking.Dr. Stephen Henson
2013-01-17initial support for delta CRL generations by diffing two full CRLsDr. Stephen Henson
2013-01-06Fix warning.Ben Laurie
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-27 01:35:28 +0000