wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
23334 commits 20 branches 302 tags 153 MiB
Commit graph

12 commits

Author SHA1 Message Date
Rob Percival
08e588b7d5 Convert C++ comments to C-style comments 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
 2016-11-15 16:12:41 -05:00
Rob Percival
5e08606619 Cast time_t to uint64_t before converting to milliseconds in ct_policy.c 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
 2016-11-15 16:12:41 -05:00
Rob Percival
c22aa33e29 By default, allow SCT timestamps to be up to 5 minutes in the future 
As requested in
https://github.com/openssl/openssl/pull/1554#issuecomment-246371575.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
 2016-11-15 16:12:41 -05:00
Rob Percival
f0f535e92b Don't check for time() failing in CT_POLICY_EVAL_CTX_new 
See https://github.com/openssl/openssl/pull/1554#issuecomment-246354677.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
 2016-11-15 16:12:41 -05:00
Rob Percival
e25233d99c Default CT_POLICY_EVAL_CTX.epoch_time_in_ms to time() 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
 2016-11-15 16:12:41 -05:00
Rob Percival
1fa9ffd934 Check that SCT timestamps are not in the future 
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
 2016-11-15 16:12:41 -05:00
Matt Caswell
2b201c5c9d Ensure CT_POLICY_EVAL_CTX_free behaves properly with a NULL arg 
Reviewed-by: Tim Hudson <tjh@openssl.org>
 2016-08-23 00:19:15 +01:00
Rob Percival
11c68ceaa6 Make CT_POLICY_EVAL_CTX_set1_{cert,issuer} into boolean functions 
They may fail if they cannot increment the reference count of the
certificate they are storing a pointer for. They should return 0 if this
occurs.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
 2016-08-15 12:56:47 -04:00
Rob Percival
a1bb7708ce Improves CTLOG_STORE setters 
Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
 2016-08-15 12:56:47 -04:00
Rich Salz
d2e9e32018 Copyright consolidation 07/10 
Reviewed-by: Richard Levitte <levitte@openssl.org>
 2016-05-17 14:51:26 -04:00
Rob Percival
680ddc996b constify CT_POLICY_EVAL_CTX getters 
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-11 09:06:04 -05:00
Rob Percival
7d054e5ab2 CT policy validation 
Specifies a callback that will, in the future, be used by the SSL code to
decide whether to abort a connection on Certificate Transparency grounds.

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
 2016-03-01 20:03:25 +00:00