granicus.if.org Git - openssl/commit

author	Dr. Stephen Henson <steve@openssl.org>
	Thu, 28 Jun 2012 12:45:49 +0000 (12:45 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Thu, 28 Jun 2012 12:45:49 +0000 (12:45 +0000)
commit	d61ff83be977d9622b98f61a49ab3c1ca2db78a1
tree	f29721e92e40eb9efc2276e1f6efbb74c591ebce	tree \| snapshot
parent	be681e123c3582f7bef18ed41b5ffa4793e8c4f7	commit \| diff

Add new "valid_flags" field to CERT_PKEY structure which determines what
the certificate can be used for (if anything). Set valid_flags field
in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
to have similar checks in it.

Add new "cert_flags" field to CERT structure and include a "strict mode".
This enforces some TLS certificate requirements (such as only permitting
certificate signature algorithms contained in the supported algorithms
extension) which some implementations ignore: this option should be used
with caution as it could cause interoperability issues.

CHANGES		diff \| blob \| history
apps/s_server.c		diff \| blob \| history
ssl/s3_lib.c		diff \| blob \| history
ssl/ssl.h		diff \| blob \| history
ssl/ssl_cert.c		diff \| blob \| history
ssl/ssl_lib.c		diff \| blob \| history
ssl/ssl_locl.h		diff \| blob \| history
ssl/t1_lib.c		diff \| blob \| history