index
:
openssl.git
OpenSSL_0_9_6-stable
OpenSSL_0_9_7-stable
OpenSSL_0_9_8-stable
OpenSSL_1_0_0-stable
OpenSSL_1_0_1-stable
OpenSSL_1_0_2-stable
OpenSSL_1_1_0-stable
feature/SSL_CTX_get_ciphers
fix-ssl_next_proto_validate
fix/EC_KEY_set_private_key-null
fix/x509-store-ex-data
fix/x509-store-remove-old
ky/bn-print-fix
ky/pem-read-fix-unsigned-cast
ky/ssl-fix-get-session-cb
master
topic/SSL_get_max_early_data-typofix
topic/X509_load_cert_crl_file-errorleakfix
topic/bn-bn2dec-fix
topic/chacha20-flags
topic/ec-group-get-ecparameters-memory-leak
topic/evp-chacha20-poly1305-cleanup-typofix
topic/evp-chacha20-poly1305-init-segv
topic/fix-asn1-integer-decode
topic/fix-config-parse-oid_section
rhe's working repository
about
summary
refs
log
tree
commit
diff
stats
log msg
author
committer
range
path:
root
/
crypto
/
x509
/
x509_vfy.c
Commit message (
Expand
)
Author
Age
Files
Lines
*
Use X509_get_signature_info() when checking security levels.
Dr. Stephen Henson
2017-04-25
1
-10
/
+2
*
X509 time: tighten validation per RFC 5280
Emilia Kasper
2017-02-24
1
-99
/
+48
*
Restore last-resort expired untrusted intermediate issuers
Viktor Dukhovni
2016-12-02
1
-7
/
+8
*
Un-delete still documented X509_STORE_CTX_set_verify
Viktor Dukhovni
2016-08-24
1
-0
/
+6
*
Add some sanity checks when checking CRL scores
Matt Caswell
2016-08-23
1
-2
/
+2
*
Constify certificate and CRL time routines.
Dr. Stephen Henson
2016-08-19
1
-9
/
+9
*
spelling fixes, just comments and readme.
klemens
2016-08-05
1
-1
/
+1
*
Don't check any revocation info on proxy certificates
Richard Levitte
2016-08-03
1
-0
/
+3
*
Fix CRL time comparison.
Dr. Stephen Henson
2016-07-29
1
-1
/
+5
*
Remove current_method from X509_STORE_CTX
Dr. Stephen Henson
2016-07-26
1
-1
/
+0
*
Add setter and getter for X509_STORE's check_policy
Richard Levitte
2016-07-25
1
-2
/
+5
*
Add getters / setters for the X509_STORE_CTX and X509_STORE functions
Richard Levitte
2016-07-25
1
-14
/
+58
*
Use newest CRL.
Dr. Stephen Henson
2016-07-22
1
-6
/
+14
*
Perform DANE-EE(3) name checks by default
Viktor Dukhovni
2016-07-12
1
-0
/
+4
*
Add nameConstraints commonName checking.
Dr. Stephen Henson
2016-07-11
1
-0
/
+4
*
Remove the envvar hack to enable proxy cert processing
Richard Levitte
2016-06-30
1
-6
/
+0
*
Whitespace cleanup in crypto
FdaSilvaYY
2016-06-29
1
-1
/
+1
*
Fix proxy certificate pathlength verification
Richard Levitte
2016-06-20
1
-4
/
+18
*
Check that the subject name in a proxy cert complies to RFC 3820
Richard Levitte
2016-06-20
1
-0
/
+73
*
Ensure verify error is set when X509_verify_cert() fails
Viktor Dukhovni
2016-05-18
1
-9
/
+38
*
X509_STORE_CTX accessors.
Rich Salz
2016-05-17
1
-2
/
+2
*
Copyright consolidation 09/10
Rich Salz
2016-05-17
1
-54
/
+6
*
fix tab-space mixed indentation
FdaSilvaYY
2016-05-09
1
-3
/
+3
*
Drop duplicate ctx->verify_cb assignment
Viktor Dukhovni
2016-05-03
1
-4
/
+3
*
Implement X509_STORE_CTX_set_current_cert() accessor
Viktor Dukhovni
2016-04-28
1
-0
/
+5
*
Future proof build_chain() in x509_vfy.c
Viktor Dukhovni
2016-04-27
1
-1
/
+14
*
Added missing X509_STORE_CTX_set_error_depth() accessor
Viktor Dukhovni
2016-04-25
1
-0
/
+5
*
Rename some lowercase API's
Rich Salz
2016-04-18
1
-2
/
+2
*
Add X509_STORE_CTX_set0_untrusted function.
Dr. Stephen Henson
2016-04-16
1
-0
/
+5
*
Make many X509_xxx types opaque.
Rich Salz
2016-04-15
1
-9
/
+35
*
Add SSL_DANE typedef for consistency.
Rich Salz
2016-04-08
1
-9
/
+9
*
Move peer chain security checks into x509_vfy.c
Viktor Dukhovni
2016-04-03
1
-26
/
+134
*
Tidy up x509_vfy callback handling
Viktor Dukhovni
2016-04-03
1
-286
/
+217
*
Require intermediate CAs to have basicConstraints CA:true.
Viktor Dukhovni
2016-03-29
1
-1
/
+2
*
Add a comment on dane_verify() logic
Viktor Dukhovni
2016-03-20
1
-1
/
+13
*
Convert CRYPTO_LOCK_X509_* to new multi-threading API
Alessandro Ghedini
2016-03-08
1
-1
/
+2
*
Deprecate the -issuer_checks debugging option
Viktor Dukhovni
2016-02-10
1
-10
/
+1
*
Suppress DANE TLSA reflection when verification fails
Viktor Dukhovni
2016-02-08
1
-5
/
+3
*
GH601: Various spelling fixes.
FdaSilvaYY
2016-02-05
1
-2
/
+2
*
Ensure correct chain depth for policy checks with DANE bare key TA
Viktor Dukhovni
2016-02-05
1
-0
/
+19
*
Long overdue cleanup of X509 policy tree verification
Viktor Dukhovni
2016-02-05
1
-3
/
+7
*
Compat self-signed trust with reject-only aux data
Viktor Dukhovni
2016-01-31
1
-7
/
+19
*
Check chain extensions also for trusted certificates
Viktor Dukhovni
2016-01-31
1
-33
/
+85
*
Remove /* foo.c */ comments
Rich Salz
2016-01-26
1
-1
/
+0
*
Check Suite-B constraints with EE DANE records
Viktor Dukhovni
2016-01-20
1
-24
/
+31
*
Drop cached certificate signature validity flag
Viktor Dukhovni
2016-01-18
1
-5
/
+1
*
Add lookup_certs for a trusted stack.
Dr. Stephen Henson
2016-01-15
1
-0
/
+21
*
Cosmetic polish for last-resort depth 0 check
Viktor Dukhovni
2016-01-14
1
-5
/
+5
*
Fix last-resort depth 0 check when the chain has multiple certificates
Viktor Dukhovni
2016-01-14
1
-4
/
+9
*
Always initialize X509_STORE_CTX get_crl pointer
Viktor Dukhovni
2016-01-14
1
-0
/
+2
[next]