]> granicus.if.org Git - openssl/commit
projects / openssl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bd5192b) | patch
Check Suite-B constraints with EE DANE records
authorViktor Dukhovni <openssl-users@dukhovni.org>
Sun, 17 Jan 2016 21:50:52 +0000 (16:50 -0500)
committerViktor Dukhovni <openssl-users@dukhovni.org>
Wed, 20 Jan 2016 23:59:46 +0000 (18:59 -0500)
commit6e32825631bea414c3fc70d16bbb413dac221722
tree5e304a86ef42e3c2b9bcb7c36ae03997a705d56btree | snapshot
parentbd5192b1013b68373c47bdca8d68229906171695commit | diff
Check Suite-B constraints with EE DANE records

When DANE-EE(3) matches or either of DANE-EE/PKIX-EE fails, we don't
build a chain at all, but rather succeed or fail with just the leaf
certificate.  In either case also check for Suite-B violations.

As unlikely as it may seem that anyone would enable both DANE and
Suite-B, we should do what the application asks.

Took the opportunity to eliminate the "cb" variables in x509_vfy.c,
just call ctx->verify_cb(ok, ctx)

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
crypto/x509/x509_cmp.c diff | blob | history
crypto/x509/x509_vfy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.