Age | Commit message | Author |
|
Reduces number of silly casts in OpenSSL code and likely most
applications. Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
(cherry picked from commit 297c67fcd817ea643de2fdeff4e434b050d571e2)
|
|
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.
(cherry picked from commit ced3d9158a7a8c676be504bb6cd3b5ffb7cc7f13)
|
|
(cherry picked from commit 29edebe95c2a51470c78c7e769c926719965eeb1)
|
|
Just store NUL-terminated strings. This works better when we add
support for multiple hostnames.
(cherry picked from commit b3012c698a086937319ed413a113ed7bec1edd1a)
|
|
(cherry picked from commit d435e23959f1c2cb4feadbfba9ad884c59f37db9)
|
|
A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com").
With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").
(cherry picked from commit e52c52f10bb8e34aaf8f28f3e5b56939e8f6b357)
|
|
|
|
(cherry picked from commit fd2309aa29e3ea00e445f03407820398962c0b94)
|
|
Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.
(cherry picked from commit 397a8e747dc3f964196caed5ca4e08d4b598362a)
|
|
When looking for an extension we need to set the last found
position to -1 to properly search all extensions.
PR#3309.
(cherry picked from commit 300b9f0b704048f60776881f1d378c74d9c32fbd)
|
|
|
|
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type
which should work on all platforms.
|
|
(cherry picked from commit 19f65ddbab30543415584ae7916e12a3c5249dba)
|
|
|
|
|
|
Certificate/OCSP Extensions.
Add the RFC6962 OIDs to the objects table.
(backport from master branch)
|
|
as issuer and subject names. Although this is an incompatible change
it should have little impact in practice because self-issued certificates
that are not self-signed are rarely encountered.
(cherry picked from commit b1efb7161f409c81178b9aa95583db3390f90b1b)
|
|
|
|
definitions from e_os.h
|
|
|
|
|
|
modification to the OCSP helper purpose breaks normal OCSP verification. It is
no longer needed now we can trust partial chains.
|
|
|
|
Use -1 to check all extensions in CRLs.
Always set flag for freshest CRL.
|
|
|
|
Submitted by: Rob Austein <sra@hactrn.net>
Fix inverted range problem in RFC3779 code.
Thanks to Andrew Chi for generating test cases for this bug.
|
|
|
|
|
|
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Don't allow inverted ranges in RFC3779 code, discovered by Frank Ellermann.
|
|
of assuming they will always succeed.
|
|
|
|
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Fix corner cases in RFC3779 code.
|
|
Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve
Use OPENSSL_assert() instead of assert().
|
|
Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve
OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.
|
|
|
|
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Memleak, BIO chain leak and realloc checks in v3_pci.c
|
|
Submitted by: Julia Lawall <julia@diku.dk>
Approved by: steve@openssl.org
Correct BIO_write, BIO_printf, i2a_ASN1_INTEGER and i2a_ASN1_OBJECT
error handling in OCSP print routines.
|
|
|
|
as "STRING" cause conflicts with other headers/libraries.
|
|
|
|
Submitted by: Love Hoernquist Aastrand
|
|
|
|
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Fix various typos and stuff.
|
|
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Approved by: steve@openssl.org
Add missing IMPLEMENT.
|
|
Fix memory leak when email:move option used.
|
|
Submitted by: "Jean Rebiffe" <jrebiffe@gmail.com>
Approved by: steve@openssl.org
Free section.
|
|
|
|
|
|
Submitted by: Ger Hobbelt <ger@hobbelt.com>
Reviewed by: steve@openssl.org
Check return value.
|
|
|