]> granicus.if.org Git - openssl/commit
projects / openssl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c70a1fe) | patch
Add new "valid_flags" field to CERT_PKEY structure which determines what
authorDr. Stephen Henson <steve@openssl.org>
Wed, 26 Dec 2012 14:26:53 +0000 (14:26 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 26 Dec 2012 14:26:53 +0000 (14:26 +0000)
commit484f8762352351598ffab55be6e6612891c291b7
tree1f7fe7b1b30e2296b25c5cddacf2787568b86ad5tree | snapshot
parentc70a1fee71119a9005b1f304a3bf47694b4a53accommit | diff
Add new "valid_flags" field to CERT_PKEY structure which determines what
the certificate can be used for (if anything). Set valid_flags field
in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
to have similar checks in it.

Add new "cert_flags" field to CERT structure and include a "strict mode".
This enforces some TLS certificate requirements (such as only permitting
certificate signature algorithms contained in the supported algorithms
extension) which some implementations ignore: this option should be used
with caution as it could cause interoperability issues.
(backport from HEAD)
CHANGES diff | blob | history
apps/s_server.c diff | blob | history
ssl/s3_lib.c diff | blob | history
ssl/ssl.h diff | blob | history
ssl/ssl_cert.c diff | blob | history
ssl/ssl_lib.c diff | blob | history
ssl/ssl_locl.h diff | blob | history
ssl/t1_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.