openssl

History

Viktor Dukhovni f75b34c8c8 When strict SCT fails record verification failure Since with SSL_VERIFY_NONE, the connection may continue and the session may even be cached, we should save some evidence that the chain was not sufficiently verified and would have been rejected with SSL_VERIFY_PEER. To that end when a CT callback returs failure we set the verify result to X509_V_ERR_NO_VALID_SCTS. Note: We only run the CT callback in the first place if the verify result is still X509_V_OK prior to start of the callback. RT #4502 Reviewed-by: Tim Hudson <tjh@openssl.org>		2016-05-19 00:25:42 -04:00
..
apps	Document the esc_2254 command line name option	2016-05-18 18:30:00 +02:00
crypto	Improve and document low-level PEM read routines	2016-05-19 00:05:30 -04:00
HOWTO	Fixed a bunch of typos in the docs	2016-03-19 20:23:22 -04:00
ssl	When strict SCT fails record verification failure	2016-05-19 00:25:42 -04:00
dir-locals.example.el	Adjust the general fill-column in doc/dir-locals.example.el	2015-09-08 00:59:50 +02:00
fingerprints.txt	RT3802: Fixes typos in doc/crypto/	2015-05-03 08:51:23 -04:00
openssl-c-indent.el	Correct another batch of typos	2016-03-22 21:57:26 -04:00
README	Remove more unused things.	2016-03-18 09:40:25 -04:00

README

README  This file

fingerprints.txt
        PGP fingerprints of authoried release signers

standards.txt
        Moved to the web, https://www.openssl.org/docs/standards.html

HOWTO/
        A few how-to documents; not necessarily up-to-date
apps/
        The openssl command-line tools; start with openssl.pod
ssl/
        The SSL library; start with ssl.pod
crypto/
        The cryptographic library; start with crypto.pod

Formatted versions of the manpages (apps,ssl,crypto) can be found at
        https://www.openssl.org/docs/manpages.html