Sync with version from master.

Bodo Moeller 2013-09-17 09:55:27 +02:00
parent 1b9a59c36a
commit 8c149cfd83

CHANGES

@ -174,12 +174,12 @@
*) Fix OCSP checking. *) Fix OCSP checking.
[Rob Stradling <rob.stradling@comodo.com> and Ben Laurie] [Rob Stradling <rob.stradling@comodo.com> and Ben Laurie]
*) Backport support for partial chain verification: if an intermediate *) Initial experimental support for explicitly trusted non-root CAs.
certificate is explicitly trusted (using -addtrust option to x509 OpenSSL still tries to build a complete chain to a root but if an
utility for example) the verification is sucessful even if the chain intermediate CA has a trust setting included that is used. The first
is not complete. setting is used: whether to trust (e.g., -addtrust option to the x509
The OCSP checking fix depends on this backport. utility) or reject.
[Steve Henson and Rob Stradling <rob.stradling@comodo.com>] [Steve Henson]
*) Add -trusted_first option which attempts to find certificates in the *) Add -trusted_first option which attempts to find certificates in the
trusted store even if an untrusted chain is also supplied. trusted store even if an untrusted chain is also supplied.
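
Review bot: The rewritten partial-chain entry drops the sentence "The OCSP checking fix depends on this backport." while the "Fix OCSP checking" entry directly above it is kept unchanged; if that dependency still holds on this branch, keep the sentence so readers of CHANGES can see that the two entries belong together. The new wording is also hard to parse in two places: "if an intermediate CA has a trust setting included that is used" needs a comma after "included", and "The first setting is used" does not say what the ordering is over, so it is unclear which certificate's trust or reject setting decides the verification result. The credit line changes from "Steve Henson and Rob Stradling" to "Steve Henson" alone, which is worth confirming as intended for this branch.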