- 01 9月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
a delta CRL in addition to a full CRL. Check and search delta in addition to the base.
-
- 29 8月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Tidy CRL scoring system. Add new CRL path validation error.
-
- 14 8月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
and CRL signing keys.
-
- 08 8月, 2008 1 次提交
-
-
由 Dr. Stephen Henson 提交于
TODO: robustness checking on name forms.
-
- 27 11月, 2006 1 次提交
-
-
由 Ben Laurie 提交于
-
- 18 9月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 15 9月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
handling to support this.
-
- 11 9月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
callbacks.
-
- 10 9月, 2006 1 次提交
-
-
由 Dr. Stephen Henson 提交于
based on subject name. New thread safe functions to retrieve matching STACK from X509_STORE. Cache some IDP components.
-
- 03 9月, 2005 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 10 4月, 2005 1 次提交
-
-
由 Richard Levitte 提交于
a security threat on unexpecting applications. Document and test.
-
- 28 12月, 2004 1 次提交
-
-
由 Richard Levitte 提交于
-
- 29 11月, 2004 1 次提交
-
-
由 Richard Levitte 提交于
CA setting in each certificate on the chain is correct. As a side- effect always do the following basic checks on extensions, not just when there's an associated purpose to the check: - if there is an unhandled critical extension (unless the user has chosen to ignore this fault) - if the path length has been exceeded (if one is set at all) - that certain extensions fit the associated purpose (if one has been given)
-
- 01 10月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 18 9月, 2004 1 次提交
-
-
由 Geoff Thorpe 提交于
-
- 07 9月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
This tidies up verify parameters and adds support for integrated policy checking. Add support for policy related command line options. Currently only in smime application. WARNING: experimental code subject to change.
-
- 20 5月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 19 5月, 2004 1 次提交
-
-
由 Richard Levitte 提交于
when trying to build a shared library on VMS or Windows...
-
- 02 4月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 28 3月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
verified structure can contain its own CRLs (such as PKCS#7 signedData). Tidy up some of the verify code.
-
- 25 3月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
I'll remember to try to compile this with warnings enabled next time :-)
-
- 23 3月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
This is currently *very* experimental and needs to be more fully integrated with the main verification code.
-
- 06 3月, 2004 1 次提交
-
-
由 Dr. Stephen Henson 提交于
when X509_V_FLAG_X509_STRICT is set. Check for CRLSign in CRL issuer certificates. Reject CRLs with unhandled (any) critical extensions.
-
- 21 3月, 2003 1 次提交
-
-
由 Richard Levitte 提交于
-
- 21 10月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Reject certificates with unhandled critical extensions.
-
- 02 9月, 2001 1 次提交
-
-
由 Geoff Thorpe 提交于
See the commit log message for that for more information. NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented (initialisation by "memset" won't/can't/doesn't work). This fixes that but requires that X509_STORE_CTX_init() be able to handle errors - so its prototype has been changed to return 'int' rather than 'void'. All uses of that function throughout the source code have been tracked down and adjusted.
-
- 06 8月, 2001 3 次提交
-
-
由 Bodo Möller 提交于
-
由 Bodo Möller 提交于
sourcecode (including fgrep)
-
由 Ben Laurie 提交于
-
- 30 7月, 2001 1 次提交
-
-
由 Lutz Jänicke 提交于
-
- 10 5月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Purpose and trust setting functions for X509_STORE. Tidy existing code.
-
- 09 5月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
inherited from X509_STORE. Add CRL checking options to other applications.
-
- 08 5月, 2001 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Initial CRL based revocation checking.
-
- 20 2月, 2001 1 次提交
-
-
由 Richard Levitte 提交于
sure they are available in opensslconf.h, by giving them names starting with "OPENSSL_" to avoid conflicts with other packages and by making sure e_os2.h will cover all platform-specific cases together with opensslconf.h. I've checked fairly well that nothing breaks with this (apart from external software that will adapt if they have used something like NO_KRB5), but I can't guarantee it completely, so a review of this change would be a good thing.
-
- 06 9月, 2000 3 次提交
-
-
由 Bodo Möller 提交于
-
由 Dr. Stephen Henson 提交于
Add support for settable verify time in X509_verify_cert(). Document rsautl utility.
-
由 Dr. Stephen Henson 提交于
The old code was painfully primitive and couldn't handle distinct certificates using the same subject name. The new code performs several tests on a candidate issuer certificate based on certificate extensions. It also adds several callbacks to X509_VERIFY_CTX so its behaviour can be customised. Unfortunately some hackery was needed to persuade X509_STORE to tolerate this. This should go away when X509_STORE is replaced, sometime... This must have broken something though :-(
-
- 17 6月, 2000 1 次提交
-
-
由 Dr. Stephen Henson 提交于
After some messing around this seems to work but needs a few more tests. Working out the syntax for sk_set_cmp_func() (cast it to a function that itself returns a function pointer) was painful :-( Needs some testing to see what other compilers think of this syntax. Also needs similar stuff for ASN1_SET_OF etc etc.
-
- 09 6月, 2000 1 次提交
-
-
由 Richard Levitte 提交于
was a really bad idea. For example, the following: #include <x509.h> #include <bio.h> #include <asn1.h> would make sure that things like ASN1_UTCTIME_print() wasn't defined unless you moved the inclusion of bio.h to above the inclusion of x509.h. The reason is that x509.h includes asn1.h, and the declaration of ASN1_UTCTIME_print() depended on the definition of HEADER_BIO_H. That's what I call an obscure bug. Instead, this change makes sure that whatever header files are needed for the correct process of one header file are included automagically, and that the definitions of, for example, BIO-related things are dependent on the absence of the NO_{foo} macros. This is also consistent with the way parts of OpenSSL can be excluded at will.
-
- 01 6月, 2000 1 次提交
-
-
由 Geoff Thorpe 提交于
libeay.num and ssleay.num.
-