projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0daccd4) | patch
Compat self-signed trust with reject-only aux data
authorViktor Dukhovni <openssl-users@dukhovni.org>
Fri, 29 Jan 2016 07:28:43 +0000 (02:28 -0500)
committerViktor Dukhovni <openssl-users@dukhovni.org>
Mon, 1 Feb 2016 02:24:12 +0000 (21:24 -0500)
commit33cc5dde478ba5ad79f8fd4acd8737f0e60e236e
tree9c1ab89462ef00d5700c3712737a6ae960c2e604tree | snapshot
parent0daccd4dc1f1ac62181738a91714f35472e50f3ccommit | diff
Compat self-signed trust with reject-only aux data

When auxiliary data contains only reject entries, continue to trust
self-signed objects just as when no auxiliary data is present.

This makes it possible to reject specific uses without changing
what's accepted (and thus overring the underlying EKU).

Added new supported certs and doubled test count from 38 to 76.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
38 files changed:
crypto/x509/x509_trs.c diff | blob | history
crypto/x509/x509_vfy.c diff | blob | history
include/openssl/x509.h diff | blob | history
test/certs/ca+anyEKU.pem [new file with mode: 0644] blob
test/certs/ca-anyEKU.pem [new file with mode: 0644] blob
test/certs/ca-clientAuth.pem [new file with mode: 0644] blob
test/certs/cca+anyEKU.pem [new file with mode: 0644] blob
test/certs/cca+clientAuth.pem [new file with mode: 0644] blob
test/certs/cca+serverAuth.pem [new file with mode: 0644] blob
test/certs/cca-anyEKU.pem [new file with mode: 0644] blob
test/certs/cca-cert.pem [new file with mode: 0644] blob
test/certs/cca-clientAuth.pem [new file with mode: 0644] blob
test/certs/cca-serverAuth.pem [new file with mode: 0644] blob
test/certs/croot+anyEKU.pem [new file with mode: 0644] blob
test/certs/croot+clientAuth.pem [new file with mode: 0644] blob
test/certs/croot+serverAuth.pem [new file with mode: 0644] blob
test/certs/croot-anyEKU.pem [new file with mode: 0644] blob
test/certs/croot-cert.pem [new file with mode: 0644] blob
test/certs/croot-clientAuth.pem [new file with mode: 0644] blob
test/certs/croot-serverAuth.pem [new file with mode: 0644] blob
test/certs/mkcert.sh diff | blob | history
test/certs/root-clientAuth.pem [new file with mode: 0644] blob
test/certs/sca+anyEKU.pem [new file with mode: 0644] blob
test/certs/sca+clientAuth.pem [new file with mode: 0644] blob
test/certs/sca+serverAuth.pem [new file with mode: 0644] blob
test/certs/sca-anyEKU.pem [new file with mode: 0644] blob
test/certs/sca-cert.pem [new file with mode: 0644] blob
test/certs/sca-clientAuth.pem [new file with mode: 0644] blob
test/certs/sca-serverAuth.pem [new file with mode: 0644] blob
test/certs/setup.sh diff | blob | history
test/certs/sroot+anyEKU.pem [new file with mode: 0644] blob
test/certs/sroot+clientAuth.pem [new file with mode: 0644] blob
test/certs/sroot+serverAuth.pem [new file with mode: 0644] blob
test/certs/sroot-anyEKU.pem [new file with mode: 0644] blob
test/certs/sroot-cert.pem [new file with mode: 0644] blob
test/certs/sroot-clientAuth.pem [new file with mode: 0644] blob
test/certs/sroot-serverAuth.pem [new file with mode: 0644] blob
test/recipes/25-test_verify.t diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.