Drop cached certificate signature validity flag
author Viktor Dukhovni <openssl-users@dukhovni.org>
Sun, 17 Jan 2016 07:33:14 +0000 (02:33 -0500)
committer Viktor Dukhovni <openssl-users@dukhovni.org>
Mon, 18 Jan 2016 18:20:48 +0000 (13:20 -0500)
commit 0e76014e584ba78ef1d6ecb4572391ef61c4fb51
tree 7f12b477dda49ed717ab35a38e81f39f019f6a02
parent 86334b6a61b35a3f3d487cc0eb74ac1aff79d185
Drop cached certificate signature validity flag

It seems risky in the context of cross-signed certificates when the
same certificate might have multiple potential issuers.  Also rarely
used, since chains in OpenSSL typically only employ self-signed
trust-anchors, whose self-signatures are not checked, while untrusted
certificates are generally ephemeral.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
crypto/include/internal/x509_int.h
crypto/x509/x509_vfy.c
crypto/x509/x_x509.c
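
The risk named in the commit message, shown as a simplified model that is added here and is not OpenSSL's code: a per-certificate cached "signature verified" flag makes a later check against a different candidate issuer succeed without looking at that issuer's key. The struct, function names, sample certificates and XOR "signature" are all hypothetical stand-ins.

```c
#include <stdint.h>
#include <string.h>

/* Toy stand-ins (assumptions): keys are integers and a "signature" is
 * tbs XOR issuer key. Not cryptography; it only makes the outcome of a
 * check depend on which issuer key is used. */
struct cert {
    const char *subject, *issuer;
    uint32_t tbs, pubkey, sig;
    int valid;                      /* cached "signature already verified" */
};

static int sig_ok(const struct cert *c, const struct cert *ca)
{
    return strcmp(c->issuer, ca->subject) == 0 &&
           (c->tbs ^ ca->pubkey) == c->sig;
}

/* Cached variant: a prior success short-circuits every later check. */
int verify_cached(struct cert *c, const struct cert *ca)
{
    if (c->valid)
        return 1;                   /* never looks at `ca` */
    if (!sig_ok(c, ca))
        return 0;
    c->valid = 1;
    return 1;
}

/* Uncached variant: the signature is checked against each candidate issuer. */
int verify_uncached(const struct cert *c, const struct cert *ca)
{
    return sig_ok(c, ca);
}

/* Constructed scenario: two CA certificates share a subject name but carry
 * different keys; the leaf was signed by the first one only. Returns the
 * result of checking the leaf against the second CA after a successful
 * check against the first (-1 if that first check unexpectedly fails). */
int check_against_second_ca(int use_cache)
{
    struct cert ca1 = { "Example CA", "Example CA", 1, 0x1111, 0, 0 };
    struct cert ca2 = { "Example CA", "Example CA", 2, 0x2222, 0, 0 };
    struct cert leaf = { "leaf", "Example CA", 0xABCD, 0, 0xABCD ^ 0x1111, 0 };

    if (use_cache)
        return verify_cached(&leaf, &ca1) ? verify_cached(&leaf, &ca2) : -1;
    return verify_uncached(&leaf, &ca1) ? verify_uncached(&leaf, &ca2) : -1;
}
```

With the cache the second check reports success even though the second CA's key never signed the leaf; without it the same check fails.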