2f043896d1
The old code was painfully primitive and couldn't handle distinct certificates using the same subject name. The new code performs several tests on a candidate issuer certificate based on certificate extensions. It also adds several callbacks to X509_VERIFY_CTX so its behaviour can be customised. Unfortunately some hackery was needed to persuade X509_STORE to tolerate this. This should go away when X509_STORE is replaced, sometime... This must have broken something though :-( |
||
|---|---|---|
| .. | ||
| .cvsignore | ||
| Makefile.ssl | ||
| safestack.h | ||
| stack.c | ||
| stack.h | ||