9f6b22b814
It is up to the caller of SSL_dane_tlsa_add() to take appropriate action when no records are added successfully or adding some records triggers an internal error (negative return value). With this change the caller can continue with PKIX if desired when none of the TLSA records are usable, or take some appropriate action if DANE is required. Also fixed the internal ssl_dane_dup() function to properly initialize the TLSA RR stack in the target SSL handle. Errors in ssl_dane_dup() are no longer ignored. Reviewed-by: Rich Salz <rsalz@openssl.org> |
||
---|---|---|
.. | ||
apps | ||
crypto | ||
HOWTO | ||
ssl | ||
dir-locals.example.el | ||
fingerprints.txt | ||
openssl-c-indent.el | ||
README |
README This file fingerprints.txt PGP fingerprints of authoried release signers standards.txt Moved to the web, https://www.openssl.org/docs/standards.html HOWTO/ A few how-to documents; not necessarily up-to-date apps/ The openssl command-line tools; start with openssl.pod ssl/ The SSL library; start with ssl.pod crypto/ The cryptographic library; start with crypto.pod Formatted versions of the manpages (apps,ssl,crypto) can be found at https://www.openssl.org/docs/manpages.html