openssl/crypto/x509
Viktor Dukhovni 3342dcea7a Reject when explicit trust EKU are set and none match.
Returning untrusted is enough for full chains that end in
self-signed roots, because when explicit trust is specified it
suppresses the default blanket trust of self-signed objects.

But for partial chains, this is not enough, because absent a similar
trust-self-signed policy, non-matching EKUs are indistinguishable
from lack of EKU constraints.

Therefore, failure to match any trusted purpose must trigger an
explicit reject.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-20 19:03:36 -05:00
..
by_dir.c Only declare stacks in headers 2016-01-07 18:00:51 +00:00
by_file.c Remove BIO_s_file_internal macro. 2015-10-02 14:22:05 -04:00
Makefile.in Remove update tags 2016-01-20 09:09:14 -05:00
t_crl.c Remove useless code 2015-10-23 19:52:08 +02:00
t_req.c Fix path in comments 2015-09-22 16:47:09 +01:00
t_x509.c New function X509_get0_pubkey 2015-12-14 23:06:14 +00:00
x509_att.c Identify and move common internal libcrypto header files 2015-05-14 17:21:40 +02:00
x509_cmp.c Check Suite-B constraints with EE DANE records 2016-01-20 18:59:46 -05:00
x509_d2.c Fix no-stdio build 2015-09-29 21:59:19 -04:00
x509_def.c Identify and move common internal libcrypto header files 2015-05-14 17:21:40 +02:00
x509_err.c DANE support for X509_verify_cert() 2016-01-07 13:48:59 -05:00
x509_ext.c Embed X509_CINF 2015-09-16 22:33:25 +01:00
x509_lcl.h Only declare stacks in headers 2016-01-07 18:00:51 +00:00
x509_lu.c Remove useless locking code 2015-11-24 22:38:32 +01:00
x509_obj.c Identify and move common internal libcrypto header files 2015-05-14 17:21:40 +02:00
x509_r2x.c Embed X509_REQ_INFO 2015-09-16 22:33:25 +01:00
x509_req.c make EVP_PKEY opaque 2016-01-20 03:24:59 +00:00
x509_set.c Add new X509 accessors 2015-11-14 00:13:08 +00:00
x509_trs.c Reject when explicit trust EKU are set and none match. 2016-01-20 19:03:36 -05:00
x509_txt.c Identify and move common internal libcrypto header files 2015-05-14 17:21:40 +02:00
x509_v3.c embed value field of X509_EXTENSION 2015-10-15 15:36:58 +01:00
x509_vfy.c Check Suite-B constraints with EE DANE records 2016-01-20 18:59:46 -05:00
x509_vpm.c Empty SNI names are not valid 2016-01-16 17:15:28 -05:00
x509cset.c embed CRL serial number and signature fields 2015-10-15 15:36:58 +01:00
x509name.c Identify and move common internal libcrypto header files 2015-05-14 17:21:40 +02:00
x509rset.c Embed X509_REQ_INFO 2015-09-16 22:33:25 +01:00
x509spki.c Continue standardising malloc style for libcrypto 2015-11-09 22:48:41 +00:00
x509type.c make EVP_PKEY opaque 2016-01-20 03:24:59 +00:00
x_all.c embed CRL serial number and signature fields 2015-10-15 15:36:58 +01:00
x_attrib.c Fix path in comments 2015-09-22 16:47:09 +01:00
x_crl.c Continue standardising malloc style for libcrypto 2015-11-09 22:48:41 +00:00
x_exten.c embed value field of X509_EXTENSION 2015-10-15 15:36:58 +01:00
x_name.c Only declare stacks in headers 2016-01-07 18:00:51 +00:00
x_req.c Fix path in comments 2015-09-22 16:47:09 +01:00
x_x509.c Drop cached certificate signature validity flag 2016-01-18 13:20:48 -05:00
x_x509a.c Add new X509 accessors 2015-11-14 00:13:08 +00:00