Todd Short
|
3c95ef22df
RFC7250 (RPK) support
|
3 lat temu |
Dr. David von Oheimb
|
1caa4835eb
doc/man3/X509_STORE_CTX_get_error.pod: make order consistent, add some missing entries
|
1 rok temu |
Dr. David von Oheimb
|
ec6cbda0f2
X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_clear_flags doc
|
1 rok temu |
Tomas Mraz
|
cccf532fef
Disallow certs with explicit curve in verification chain
|
4 lat temu |
Dr. David von Oheimb
|
82bdd64193
check_chain_extensions(): Require X.509 v3 if extensions are present
|
4 lat temu |
Dr. David von Oheimb
|
bb377c8d6c
check_chain_extensions(): Add check that CA cert includes key usage extension
|
4 lat temu |
Dr. David von Oheimb
|
da6c691d6d
check_chain_extensions(): Add check that on empty Subject the SAN must be marked critical
|
4 lat temu |
Dr. David von Oheimb
|
89f13ca434
check_chain_extensions(): Add check that AKID and SKID are not marked critical
|
4 lat temu |
Dr. David von Oheimb
|
8a639b9d72
check_chain_extensions(): Add check that Basic Constraints of CA cert are marked critical
|
4 lat temu |
Dr. David von Oheimb
|
1e41dadfa7
Extend X509 cert checks and error reporting in v3_{purp,crld}.c and x509_{set,vfy}.c
|
4 lat temu |
Dr. David von Oheimb
|
023697870b
Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c}
|
4 lat temu |
Dr. David von Oheimb
|
ade08735f9
Improve documentation, layout, and code comments regarding self-issued certs etc.
|
4 lat temu |
Matt Caswell
|
33388b44b6
Update copyright year
|
4 lat temu |
Rich Salz
|
21d08b9ee9
Update man3/verify documentation, error text
|
5 lat temu |
Richard Levitte
|
ffd2df135a
X509_check_issued: check that signature algo matches signing key algo
|
5 lat temu |
Richard Levitte
|
3e4b43b9e5
Following the license change, modify the boilerplates in crypto/x509/
|
6 lat temu |
KaoruToda
|
26a7d938c9
Remove parentheses of return.
|
7 lat temu |
Pauli
|
f32b0abe26
Remove unnecessary #include <openssl/lhash.h> directives.
|
7 lat temu |
Todd Short
|
3bb0f989b5
OCSP Updates: error codes and multiple certificates
|
9 lat temu |
Richard Levitte
|
c8223538cb
Check that the subject name in a proxy cert complies to RFC 3820
|
8 lat temu |
Viktor Dukhovni
|
f75b34c8c8
When strict SCT fails record verification failure
|
8 lat temu |
Viktor Dukhovni
|
f3e235ed6f
Ensure verify error is set when X509_verify_cert() fails
|
8 lat temu |
Rich Salz
|
b1322259d9
Copyright consolidation 09/10
|
8 lat temu |
Viktor Dukhovni
|
fbb82a60dc
Move peer chain security checks into x509_vfy.c
|
8 lat temu |
Viktor Dukhovni
|
d33def6624
Deprecate the -issuer_checks debugging option
|
8 lat temu |
Viktor Dukhovni
|
c0a445a9f2
Suppress DANE TLSA reflection when verification fails
|
8 lat temu |
Rich Salz
|
349807608f
Remove /* foo.c */ comments
|
9 lat temu |
Richard Levitte
|
b39fc56061
Identify and move common internal libcrypto header files
|
9 lat temu |
Matt Caswell
|
0f113f3ee4
Run util/openssl-format-source -v -c .
|
9 lat temu |
Dr. Stephen Henson
|
3bf15e2974
Integrate host, email and IP address checks into X509_verify.
|
12 lat temu |