A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com).
With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").
Contributed by: Florian Weimer <fweimer@redhat.com>
Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.
dh.h, dsa.h, ec.h, ecdh.h, ecdsa.h, rsa.h), as the opaque bignum types are
already declared in ossl_typ.h. Add explicit includes for bn.h in those C
files that need access to structure internals or API functions+macros.
the 'ca' utility. This can now be extensively
customised in the configuration file and handles
multibyte strings and extensions properly.
This is required when extensions copying from
certificate requests is supported: the user
must be able to view the extensions before
allowing a certificate to be issued.
like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages. That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.
This change includes all the name changes needed throughout all C files.
seemed like a good idea at the time... several hours later it was rather
obvious that these are used all over the place making the changes rather
extensive.
used with negative char values, so I've added casts to unsigned char.
Maybe what really should be done is change all those arrays and
pointers to type unsigned char [] or unsigned char *, respectively;
but using plain char with those predicates is just wrong, so something
had to be done.
Submitted by:
Reviewed by:
PR:
without -debug option to mk1mf.pl. Change _export to is_export (_export is
a reserved word under VC++). Add yucky function prototype function pointer
casts. Sanitise the included files in crypto/x509v3.
Also changed ssleay.exe target to openssl.exe
name, issuer and authority key id. Change the i2v function parameters
and add an extra 'crl' parameter in the X509V3_CTX structure: guess
what that's for :-) Fix to ASN1 macro which messed up
IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.