- 30 7月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Allow inibit any policy flag to be set in apps.
-
- 13 7月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Ignore self issued certificates when checking path length constraints. Duplicate OIDs in policy tree in case they are allocated. Use anyPolicy from certificate cache and not current tree level.
-
- 28 2月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 07 9月, 2007 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix additional gcc 4.2 value not used warnings.
-
- 07 2月, 2007 1 次提交
-
-
由 Richard Levitte 提交于
free of those objects
-
- 21 1月, 2007 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 12 12月, 2006 1 次提交
-
-
由 Nils Larsch 提交于
-
- 06 12月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 27 11月, 2006 1 次提交
-
-
由 Ben Laurie 提交于
-
- 21 9月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
loaded. Add new function X509_CRL_get0_by_serial() to lookup a revoked entry to avoid the need to access the structure directly. Add new X509_CRL_METHOD to allow common CRL operations (verify, lookup) to be redirected.
-
- 18 9月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 15 9月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
handling to support this.
-
- 11 9月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
callbacks.
-
- 10 9月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
based on subject name. New thread safe functions to retrieve matching STACK from X509_STORE. Cache some IDP components.
-
- 26 7月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
verify logic to try to use an unexpired CRL if possible.
-
- 06 6月, 2005 1 次提交
-
-
由 Richard Levitte 提交于
PR: 1097
-
- 27 5月, 2005 1 次提交
-
-
由 Dr. Stephen Henson 提交于
expiry.
-
- 11 5月, 2005 1 次提交
-
-
由 Bodo Möller 提交于
(Also improve util/ck_errf.pl script, and occasionally fix source code formatting.)
-
- 21 4月, 2005 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Remove more bogus shadow warnings.
-
- 19 4月, 2005 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Fix Win32 build system to use 'Makefile' instead of 'Makefile.ssl'.
-
- 11 4月, 2005 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 10 4月, 2005 1 次提交
-
-
由 Richard Levitte 提交于
a security threat on unexpecting applications. Document and test.
-
- 31 3月, 2005 1 次提交
-
-
由 Ben Laurie 提交于
-
- 18 1月, 2005 1 次提交
-
-
由 Richard Levitte 提交于
- Enforce that there should be no policy settings when the language is one of id-ppl-independent or id-ppl-inheritAll. - Add functionality to ssltest.c so that it can process proxy rights and check that they are set correctly. Rights consist of ASCII letters, and the condition is a boolean expression that includes letters, parenthesis, &, | and ^. - Change the proxy certificate configurations so they get proxy rights that are understood by ssltest.c. - Add a script that tests proxy certificates with SSL operations. Other changes: - Change the copyright end year in mkerr.pl. - make update.
-
- 28 12月, 2004 1 次提交
-
-
由 Richard Levitte 提交于
-
- 05 12月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
failure and freeing up memory if a failure occurs. PR:620
-
- 29 11月, 2004 1 次提交
-
-
由 Richard Levitte 提交于
CA setting in each certificate on the chain is correct. As a side- effect always do the following basic checks on extensions, not just when there's an associated purpose to the check: - if there is an unhandled critical extension (unless the user has chosen to ignore this fault) - if the path length has been exceeded (if one is set at all) - that certain extensions fit the associated purpose (if one has been given)
-
- 05 10月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 01 10月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 07 9月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
This tidies up verify parameters and adds support for integrated policy checking. Add support for policy related command line options. Currently only in smime application. WARNING: experimental code subject to change.
-
- 28 3月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
verified structure can contain its own CRLs (such as PKCS#7 signedData). Tidy up some of the verify code.
-
- 06 3月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in CRL issuer certificates. Reject CRLs with unhandled (any) critical extensions.
-
- 01 10月, 2003 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 04 6月, 2003 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 10 12月, 2002 1 次提交
-
-
由 Richard Levitte 提交于
PR: 393
-
- 28 11月, 2002 1 次提交
-
-
由 Richard Levitte 提交于
I've covered all the memset()s I felt safe modifying, but may have missed some.
-
- 18 11月, 2002 1 次提交
-
-
由 Richard Levitte 提交于
Epoch. offset isn't such a measurement, so let's stop pretend it is.
-
- 23 2月, 2002 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 21 10月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reject certificates with unhandled critical extensions.
-
- 02 9月, 2001 1 次提交
-
-
由 Geoff Thorpe 提交于
See the commit log message for that for more information. NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented (initialisation by "memset" won't/can't/doesn't work). This fixes that but requires that X509_STORE_CTX_init() be able to handle errors - so its prototype has been changed to return 'int' rather than 'void'. All uses of that function throughout the source code have been tracked down and adjusted.
-