| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-01-22 | indent has problems with comments that are on the right hand side of a line. | Matt Caswell | |
| Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Conflicts: crypto/bn/bn.h crypto/ec/ec_lcl.h crypto/rsa/rsa.h demos/engines/ibmca/hw_ibmca.c ssl/ssl.h ssl/ssl3.h Reviewed-by: Tim Hudson <tjh@openssl.org> | |||
| 2015-01-22 | More indent fixes for STACK_OF | Matt Caswell | |
| Conflicts: ssl/s3_lib.c Reviewed-by: Tim Hudson <tjh@openssl.org> | |||
| 2015-01-22 | Fix indent issue with functions using STACK_OF | Matt Caswell | |
| Reviewed-by: Tim Hudson <tjh@openssl.org> | |||
| 2015-01-22 | mark all block comments that need format preserving so that | Tim Hudson | |
| indent will not alter them when reformatting comments (cherry picked from commit 1d97c8435171a7af575f73c526d79e1ef0ee5960) Conflicts: crypto/bn/bn_lcl.h crypto/bn/bn_prime.c crypto/engine/eng_all.c crypto/rc4/rc4_utl.c crypto/sha/sha.h ssl/kssl.c ssl/t1_lib.c Reviewed-by: Tim Hudson <tjh@openssl.org> | |||
| 2014-07-07 | Update API to use (char *) for email addresses and hostnames | Viktor Dukhovni | |
| Reduces number of silly casts in OpenSSL code and likely most applications. Consistent with (char *) for "peername" value from X509_check_host() and X509_VERIFY_PARAM_get0_peername(). (cherry picked from commit 297c67fcd817ea643de2fdeff4e434b050d571e2) | |||
| 2014-07-07 | New peername element in X509_VERIFY_PARAM_ID | Viktor Dukhovni | |
| Declaration, memory management, accessor and documentation. (cherry picked from commit 6e661d458f5aa8f52bf3d9098bd10025de5f08ea) | |||
| 2014-07-07 | Multiple verifier reference identities. | Viktor Dukhovni | |
| Implemented as STACK_OF(OPENSSL_STRING). (cherry picked from commit 8abffa4a73fcbf6536e0a42d736ed9211a8204ea) | |||
| 2014-05-21 | Fixes to host checking. | Viktor Dukhovni | |
| Fixes to host checking wild card support and add support for setting host checking flags when verifying a certificate chain. (cherry picked from commit 397a8e747dc3f964196caed5ca4e08d4b598362a) | |||
| 2013-12-13 | verify parameter enumeration functions | Dr. Stephen Henson | |
| (cherry picked from commit 9b3d75706ef0114362f04665a3c745bfef59d023) Conflicts: crypto/x509/x509_vpm.c | |||
| 2013-12-13 | Add opaque ID structure. | Dr. Stephen Henson | |
| Move the IP, email and host checking fields from the public X509_VERIFY_PARAM structure into an opaque X509_VERIFY_PARAM_ID structure. By doing this the structure can be modified in future without risk of breaking any applications. | |||
| 2013-01-17 | New functions to set lookup_crls callback and to retrieve internal X509_STORE | Dr. Stephen Henson | |
| from X509_STORE_CTX. | |||
| 2012-12-26 | add suite B chain validation flags and associated verify errors | Dr. Stephen Henson | |
| (backport from HEAD) | |||
| 2012-12-19 | Integrate host, email and IP address checks into X509_verify. | Dr. Stephen Henson | |
| Add new verify options to set checks. (backport from HEAD) | |||
| 2012-12-14 | New verify flag to return success if we have any certificate in the trusted | Dr. Stephen Henson | |
| store instead of the default which is to return an error if we can't build the complete chain. [backport from HEAD] | |||
| 2012-09-26 | add -trusted_first option and verify flag (backport from HEAD) | Dr. Stephen Henson | |
| 2009-10-31 | Add missing functions to allow access to newer X509_STORE_CTX status | Dr. Stephen Henson | |
| information. Add more informative message to verify callback to indicate when CRL path validation is taking place. | |||
| 2009-10-18 | Add new function X509_STORE_set_verify_cb and use it in apps | Dr. Stephen Henson | |
| 2009-06-26 | Allow checking of self-signed certifictes if a flag is set. | Dr. Stephen Henson | |
| 2008-09-01 | Initial support for delta CRLs. If "use deltas" flag is set attempt to find | Dr. Stephen Henson | |
| a delta CRL in addition to a full CRL. Check and search delta in addition to the base. | |||
| 2008-08-29 | Add support for CRLs partitioned by reason code. | Dr. Stephen Henson | |
| Tidy CRL scoring system. Add new CRL path validation error. | |||
| 2008-08-13 | Initial support for CRL path validation. This supports distinct certificate | Dr. Stephen Henson | |
| and CRL signing keys. | |||
| 2008-08-08 | Initial support for name constraints certificate extension. | Dr. Stephen Henson | |
| TODO: robustness checking on name forms. | |||
| 2006-11-27 | Add RFC 3779 support. | Ben Laurie | |
| 2006-09-17 | Overhaul of by_dir code to handle dynamic loading of CRLs. | Dr. Stephen Henson | |
| 2006-09-14 | Support for AKID in CRLs and partial support for IDP. Overhaul of CRL | Dr. Stephen Henson | |
| handling to support this. | |||
| 2006-09-11 | Fixes for new CRL/cert callbacks. Update CRL processing code to use new | Dr. Stephen Henson | |
| callbacks. | |||
| 2006-09-10 | Add verify callback functions to lookup a STACK of matching certs or CRLs | Dr. Stephen Henson | |
| based on subject name. New thread safe functions to retrieve matching STACK from X509_STORE. Cache some IDP components. | |||
| 2005-09-02 | Two new verify flags functions. | Dr. Stephen Henson | |
| 2005-04-09 | Added restrictions on the use of proxy certificates, as they may pose | Richard Levitte | |
| a security threat on unexpecting applications. Document and test. | |||
| 2004-12-28 | Add functionality needed to process proxy certificates. | Richard Levitte | |
| 2004-11-29 | Make an explicit check during certificate validation to see that the | Richard Levitte | |
| CA setting in each certificate on the chain is correct. As a side- effect always do the following basic checks on extensions, not just when there's an associated purpose to the check: - if there is an unhandled critical extension (unless the user has chosen to ignore this fault) - if the path length has been exceeded (if one is set at all) - that certain extensions fit the associated purpose (if one has been given) | |||
| 2004-10-01 | Don't use C++ reserved work "explicit". | Dr. Stephen Henson | |
| 2004-09-18 | Make -Werror happy again. | Geoff Thorpe | |
| 2004-09-06 | New X509_VERIFY_PARAM structure and associated functionality. | Dr. Stephen Henson | |
| This tidies up verify parameters and adds support for integrated policy checking. Add support for policy related command line options. Currently only in smime application. WARNING: experimental code subject to change. | |||
| 2004-05-19 | Delete obsolete and unimplemented function. | Dr. Stephen Henson | |
| 2004-05-19 | X509_policy_lib_init is declared but not defined, so it raises havoc | Richard Levitte | |
| when trying to build a shared library on VMS or Windows... | |||
| 2004-04-01 | Don't use C++ reserved word. | Dr. Stephen Henson | |
| 2004-03-27 | Allow CRLs to be passed into X509_STORE_CTX. This is useful when the | Dr. Stephen Henson | |
| verified structure can contain its own CRLs (such as PKCS#7 signedData). Tidy up some of the verify code. | |||
| 2004-03-25 | Fix loads of warnings in policy code. | Dr. Stephen Henson | |
| I'll remember to try to compile this with warnings enabled next time :-) | |||
| 2004-03-23 | Initial support for certificate policy checking and evaluation. | Dr. Stephen Henson | |
| This is currently *very* experimental and needs to be more fully integrated with the main verification code. | |||
| 2004-03-05 | Various X509 fixes. Disable broken certificate workarounds | Dr. Stephen Henson | |
| when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in CRL issuer certificates. Reject CRLs with unhandled (any) critical extensions. | |||
| 2003-03-20 | Make sure we get the definition of a number of OPENSSL_NO_* macros. | Richard Levitte | |
| 2001-10-21 | Reject certificates with unhandled critical extensions. | Dr. Stephen Henson | |
| 2001-09-01 | Make the necessary changes to work with the recent "ex_data" overhaul. | Geoff Thorpe | |
| See the commit log message for that for more information. NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented (initialisation by "memset" won't/can't/doesn't work). This fixes that but requires that X509_STORE_CTX_init() be able to handle errors - so its prototype has been changed to return 'int' rather than 'void'. All uses of that function throughout the source code have been tracked down and adjusted. | |||
| 2001-08-06 | More typedef'd struct names as search targets | Bodo Möller | |
| 2001-08-06 | Reinsert typedef'ed names for structs to help those trying to read the | Bodo Möller | |
| sourcecode (including fgrep) | |||
| 2001-08-05 | Start to reduce some of the header bloat. | Ben Laurie | |
| 2001-07-30 | Fix inconsistent behaviour with respect to verify_callback handling. | Lutz Jänicke | |
| 2001-05-10 | Purpose and trust setting functions for X509_STORE. | Dr. Stephen Henson | |
| Tidy existing code. | |||
| 2001-05-09 | Allow various X509_STORE_CTX properties to be | Dr. Stephen Henson | |
| inherited from X509_STORE. Add CRL checking options to other applications. | |||
 |
index : openssl | |
| Mirror of https://github.com/openssl/openssl | matthias |
| summaryrefslogtreecommitdiffstats |