aboutsummaryrefslogtreecommitdiff
path: root/crypto/x509/x509_vfy.c
AgeCommit message (Expand)AuthorFilesLines
2016-04-08Add SSL_DANE typedef for consistency.Rich Salz1-9/+9
2016-04-03Move peer chain security checks into x509_vfy.cViktor Dukhovni1-26/+134
2016-04-03Tidy up x509_vfy callback handlingViktor Dukhovni1-286/+217
2016-03-29Require intermediate CAs to have basicConstraints CA:true.Viktor Dukhovni1-1/+2
2016-03-20Add a comment on dane_verify() logicViktor Dukhovni1-1/+13
2016-03-08Convert CRYPTO_LOCK_X509_* to new multi-threading APIAlessandro Ghedini1-1/+2
2016-02-10Deprecate the -issuer_checks debugging optionViktor Dukhovni1-10/+1
2016-02-08Suppress DANE TLSA reflection when verification failsViktor Dukhovni1-5/+3
2016-02-05GH601: Various spelling fixes.FdaSilvaYY1-2/+2
2016-02-05Ensure correct chain depth for policy checks with DANE bare key TAViktor Dukhovni1-0/+19
2016-02-05Long overdue cleanup of X509 policy tree verificationViktor Dukhovni1-3/+7
2016-01-31Compat self-signed trust with reject-only aux dataViktor Dukhovni1-7/+19
2016-01-31Check chain extensions also for trusted certificatesViktor Dukhovni1-33/+85
2016-01-26Remove /* foo.c */ commentsRich Salz1-1/+0
2016-01-20Check Suite-B constraints with EE DANE recordsViktor Dukhovni1-24/+31
2016-01-18Drop cached certificate signature validity flagViktor Dukhovni1-5/+1
2016-01-15Add lookup_certs for a trusted stack.Dr. Stephen Henson1-0/+21
2016-01-14Cosmetic polish for last-resort depth 0 checkViktor Dukhovni1-5/+5
2016-01-14Fix last-resort depth 0 check when the chain has multiple certificatesViktor Dukhovni1-4/+9
2016-01-14Always initialize X509_STORE_CTX get_crl pointerViktor Dukhovni1-0/+2
2016-01-07DANE support for X509_verify_cert()Viktor Dukhovni1-9/+399
2016-01-05DANE support structures, constructructors and accessorsViktor Dukhovni1-0/+7
2016-01-03Fix X509_STORE_CTX_cleanup()Viktor Dukhovni1-17/+21
2016-01-03X509_verify_cert() cleanupViktor Dukhovni1-343/+396
2015-12-14New function X509_get0_pubkeyDr. Stephen Henson1-14/+5
2015-12-01ex_data part 2: doc fixes and CRYPTO_free_ex_index.Rich Salz1-13/+0
2015-11-26Remove X509_VERIFY_PARAM_IDDr. Stephen Henson1-11/+10
2015-11-09Continue standardising malloc style for libcryptoMatt Caswell1-2/+2
2015-10-15embed CRL serial number and signature fieldsDr. Stephen Henson1-1/+1
2015-09-05In X509_STORE_CTX_init, cleanup on failuremrpre1-27/+33
2015-09-05RT3951: Add X509_V_FLAG_NO_CHECK_TIME to suppress time checkDavid Woodhouse1-0/+4
2015-09-03Revert "OPENSSL_NO_xxx cleanup: RFC3779"David Woodhouse1-0/+2
2015-09-02Add and use OPENSSL_zallocRich Salz1-2/+1
2015-09-02make X509_CRL opaqueDr. Stephen Henson1-0/+1
2015-09-02Better handling of verify param id peername fieldViktor Dukhovni1-0/+4
2015-08-31Add X509_up_ref function.Dr. Stephen Henson1-4/+4
2015-08-31Add X509_CRL_up_ref functionDr. Stephen Henson1-2/+2
2015-08-28GH354: Memory leak fixesAlessandro Ghedini1-2/+2
2015-08-13GH364: Free memory on an error pathIsmo Puustinen1-1/+2
2015-08-10RT3999: Remove sub-component version stringsRich Salz1-1/+0
2015-07-07Extend -show_chain option to verify to show more infoMatt Caswell1-0/+5
2015-07-07Reject calls to X509_verify_cert that have not been reinitialisedMatt Caswell1-8/+14
2015-07-07Fix alternate chains certificate forgery issueMatt Caswell1-1/+1
2015-06-11Fix length checks in X509_cmp_time to avoid out-of-bounds reads.Emilia Kasper1-10/+47
2015-05-14Identify and move common internal libcrypto header filesRichard Levitte1-1/+1
2015-05-06Initialize potentially uninitialized local variablesGunnar Kudrjavets1-4/+4
2015-05-05memset, memcpy, sizeof consistency fixesRich Salz1-6/+4
2015-05-04Use safer sizeof variant in mallocRich Salz1-2/+1
2015-05-01free NULL cleanup -- codaRich Salz1-4/+2
2015-05-01Remove goto inside an if(0) blockRich Salz1-5/+5
generated by cgit v1.1 at 2024-09-14 09:00:20 +0000