summaryrefslogtreecommitdiffstats
path: root/crypto/x509/x509_vfy.c
AgeCommit message (Expand)Author
2018-05-23Skip CN DNS name constraint checks when not neededViktor Dukhovni
2018-05-01Update copyright yearMatt Caswell
2018-04-24X509: add more error codes on malloc or sk_TYP_push failureFdaSilvaYY
2017-09-29Remove unnecessary #include <openssl/lhash.h> directives.Pauli
2017-09-22Guard against DoS in name constraints handling.David Benjamin
2017-08-22Use "" not <> for internal/ includesRich Salz
2017-08-22This has been added to avoid the situation where some host ctype.h functionsPauli
2017-08-21Remove OPENSSL_assert() from crypto/x509Matt Caswell
2017-04-25Use X509_get_signature_info() when checking security levels.Dr. Stephen Henson
2017-02-24X509 time: tighten validation per RFC 5280Emilia Kasper
2016-12-02Restore last-resort expired untrusted intermediate issuersViktor Dukhovni
2016-08-24Un-delete still documented X509_STORE_CTX_set_verifyViktor Dukhovni
2016-08-23Add some sanity checks when checking CRL scoresMatt Caswell
2016-08-19Constify certificate and CRL time routines.Dr. Stephen Henson
2016-08-05spelling fixes, just comments and readme.klemens
2016-08-03Don't check any revocation info on proxy certificatesRichard Levitte
2016-07-29Fix CRL time comparison.Dr. Stephen Henson
2016-07-26Remove current_method from X509_STORE_CTXDr. Stephen Henson
2016-07-25Add setter and getter for X509_STORE's check_policyRichard Levitte
2016-07-25Add getters / setters for the X509_STORE_CTX and X509_STORE functionsRichard Levitte
2016-07-22Use newest CRL.Dr. Stephen Henson
2016-07-12Perform DANE-EE(3) name checks by defaultViktor Dukhovni
2016-07-11Add nameConstraints commonName checking.Dr. Stephen Henson
2016-06-30Remove the envvar hack to enable proxy cert processingRichard Levitte
2016-06-29Whitespace cleanup in cryptoFdaSilvaYY
2016-06-20Fix proxy certificate pathlength verificationRichard Levitte
2016-06-20Check that the subject name in a proxy cert complies to RFC 3820Richard Levitte
2016-05-18Ensure verify error is set when X509_verify_cert() failsViktor Dukhovni
2016-05-17X509_STORE_CTX accessors.Rich Salz
2016-05-17Copyright consolidation 09/10Rich Salz
2016-05-09fix tab-space mixed indentationFdaSilvaYY
2016-05-03Drop duplicate ctx->verify_cb assignmentViktor Dukhovni
2016-04-28Implement X509_STORE_CTX_set_current_cert() accessorViktor Dukhovni
2016-04-27Future proof build_chain() in x509_vfy.cViktor Dukhovni
2016-04-25Added missing X509_STORE_CTX_set_error_depth() accessorViktor Dukhovni
2016-04-18Rename some lowercase API'sRich Salz
2016-04-16Add X509_STORE_CTX_set0_untrusted function.Dr. Stephen Henson
2016-04-15Make many X509_xxx types opaque.Rich Salz
2016-04-08Add SSL_DANE typedef for consistency.Rich Salz
2016-04-03Move peer chain security checks into x509_vfy.cViktor Dukhovni
2016-04-03Tidy up x509_vfy callback handlingViktor Dukhovni
2016-03-29Require intermediate CAs to have basicConstraints CA:true.Viktor Dukhovni
2016-03-20Add a comment on dane_verify() logicViktor Dukhovni
2016-03-08Convert CRYPTO_LOCK_X509_* to new multi-threading APIAlessandro Ghedini
2016-02-10Deprecate the -issuer_checks debugging optionViktor Dukhovni
2016-02-08Suppress DANE TLSA reflection when verification failsViktor Dukhovni
2016-02-05GH601: Various spelling fixes.FdaSilvaYY
2016-02-05Ensure correct chain depth for policy checks with DANE bare key TAViktor Dukhovni
2016-02-05Long overdue cleanup of X509 policy tree verificationViktor Dukhovni
2016-01-31Compat self-signed trust with reject-only aux dataViktor Dukhovni
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-02 22:39:21 +0000