projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1b4cf96) | patch
Check chain extensions also for trusted certificates
authorViktor Dukhovni <openssl-users@dukhovni.org>
Thu, 28 Jan 2016 08:01:45 +0000 (03:01 -0500)
committerViktor Dukhovni <openssl-users@dukhovni.org>
Mon, 1 Feb 2016 02:23:23 +0000 (21:23 -0500)
commit0daccd4dc1f1ac62181738a91714f35472e50f3c
tree5b7c2b6c5db0c2caf223ea978db03559b5eb90f8tree | snapshot
parent1b4cf96f9b82ec3b06e7902bb21620a09cadd94ecommit | diff
Check chain extensions also for trusted certificates

This includes basic constraints, key usages, issuer EKUs and auxiliary
trust OIDs (given a trust suitably related to the intended purpose).

Added tests and updated documentation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
15 files changed:
apps/opt.c diff | blob | history
crypto/x509/x509_trs.c diff | blob | history
crypto/x509/x509_vfy.c diff | blob | history
crypto/x509/x509_vpm.c diff | blob | history
doc/apps/verify.pod diff | blob | history
doc/apps/x509.pod diff | blob | history
doc/crypto/X509_VERIFY_PARAM_set_flags.pod diff | blob | history
include/openssl/x509.h diff | blob | history
test/certs/root+anyEKU.pem [new file with mode: 0644] blob
test/certs/root-anyEKU.pem [new file with mode: 0644] blob
test/certs/root2+clientAuth.pem [new file with mode: 0644] blob
test/certs/root2+serverAuth.pem [new file with mode: 0644] blob
test/certs/root2-serverAuth.pem [new file with mode: 0644] blob
test/certs/setup.sh diff | blob | history
test/recipes/25-test_verify.t diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.