summaryrefslogtreecommitdiffstats
path: root/crypto/x509/x509_vfy.c (follow)
Commit message (Expand)AuthorAgeFilesLines
* Apply self-imposed path length also to root CAsViktor Dukhovni2018-10-181-5/+4
* Only CA certificates can be self-issuedViktor Dukhovni2018-10-181-2/+2
* Skip CN DNS name constraint checks when not neededViktor Dukhovni2018-05-231-1/+27
* Update copyright yearMatt Caswell2018-05-011-1/+1
* X509: add more error codes on malloc or sk_TYP_push failureFdaSilvaYY2018-04-241-0/+3
* Remove unnecessary #include <openssl/lhash.h> directives.Pauli2017-09-281-1/+0
* Guard against DoS in name constraints handling.David Benjamin2017-09-221-1/+3
* Use "" not <> for internal/ includesRich Salz2017-08-221-2/+2
* This has been added to avoid the situation where some host ctype.h functionsPauli2017-08-221-3/+3
* Remove OPENSSL_assert() from crypto/x509Matt Caswell2017-08-211-4/+27
* Use X509_get_signature_info() when checking security levels.Dr. Stephen Henson2017-04-251-10/+2
* X509 time: tighten validation per RFC 5280Emilia Kasper2017-02-241-99/+48
* Restore last-resort expired untrusted intermediate issuersViktor Dukhovni2016-12-031-7/+8
* Un-delete still documented X509_STORE_CTX_set_verifyViktor Dukhovni2016-08-241-0/+6
* Add some sanity checks when checking CRL scoresMatt Caswell2016-08-231-2/+2
* Constify certificate and CRL time routines.Dr. Stephen Henson2016-08-191-9/+9
* spelling fixes, just comments and readme.klemens2016-08-061-1/+1
* Don't check any revocation info on proxy certificatesRichard Levitte2016-08-031-0/+3
* Fix CRL time comparison.Dr. Stephen Henson2016-07-291-1/+5
* Remove current_method from X509_STORE_CTXDr. Stephen Henson2016-07-261-1/+0
* Add setter and getter for X509_STORE's check_policyRichard Levitte2016-07-251-2/+5
* Add getters / setters for the X509_STORE_CTX and X509_STORE functionsRichard Levitte2016-07-251-14/+58
* Use newest CRL.Dr. Stephen Henson2016-07-221-6/+14
* Perform DANE-EE(3) name checks by defaultViktor Dukhovni2016-07-121-0/+4
* Add nameConstraints commonName checking.Dr. Stephen Henson2016-07-121-0/+4
* Remove the envvar hack to enable proxy cert processingRichard Levitte2016-06-301-6/+0
* Whitespace cleanup in cryptoFdaSilvaYY2016-06-291-1/+1
* Fix proxy certificate pathlength verificationRichard Levitte2016-06-201-4/+18
* Check that the subject name in a proxy cert complies to RFC 3820Richard Levitte2016-06-201-0/+73
* Ensure verify error is set when X509_verify_cert() failsViktor Dukhovni2016-05-181-9/+38
* X509_STORE_CTX accessors.Rich Salz2016-05-171-2/+2
* Copyright consolidation 09/10Rich Salz2016-05-171-54/+6
* fix tab-space mixed indentationFdaSilvaYY2016-05-091-3/+3
* Drop duplicate ctx->verify_cb assignmentViktor Dukhovni2016-05-031-4/+3
* Implement X509_STORE_CTX_set_current_cert() accessorViktor Dukhovni2016-04-281-0/+5
* Future proof build_chain() in x509_vfy.cViktor Dukhovni2016-04-271-1/+14
* Added missing X509_STORE_CTX_set_error_depth() accessorViktor Dukhovni2016-04-251-0/+5
* Rename some lowercase API'sRich Salz2016-04-181-2/+2
* Add X509_STORE_CTX_set0_untrusted function.Dr. Stephen Henson2016-04-161-0/+5
* Make many X509_xxx types opaque.Rich Salz2016-04-151-9/+35
* Add SSL_DANE typedef for consistency.Rich Salz2016-04-081-9/+9
* Move peer chain security checks into x509_vfy.cViktor Dukhovni2016-04-031-26/+134
* Tidy up x509_vfy callback handlingViktor Dukhovni2016-04-031-286/+217
* Require intermediate CAs to have basicConstraints CA:true.Viktor Dukhovni2016-03-301-1/+2
* Add a comment on dane_verify() logicViktor Dukhovni2016-03-211-1/+13
* Convert CRYPTO_LOCK_X509_* to new multi-threading APIAlessandro Ghedini2016-03-081-1/+2
* Deprecate the -issuer_checks debugging optionViktor Dukhovni2016-02-101-10/+1
* Suppress DANE TLSA reflection when verification failsViktor Dukhovni2016-02-081-5/+3
* GH601: Various spelling fixes.FdaSilvaYY2016-02-051-2/+2
* Ensure correct chain depth for policy checks with DANE bare key TAViktor Dukhovni2016-02-051-0/+19
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 22:58:18 +0100