openssl/x509 at c5eed2775eced6f324516c0fcb981c67e2d04fc3 - openssl - Atria-soft GIT

generic-library/openssl

History

Viktor Dukhovni 3342dcea7a Reject when explicit trust EKU are set and none match.

Returning untrusted is enough for for full chains that end in
self-signed roots, because when explicit trust is specified it
suppresses the default blanket trust of self-signed objects.

But for partial chains, this is not enough, because absent a similar
trust-self-signed policy, non matching EKUs are indistinguishable
from lack of EKU constraints.

Therefore, failure to match any trusted purpose must trigger an
explicit reject.

Reviewed-by: Richard Levitte <levitte@openssl.org>

2016-01-20 19:03:36 -05:00

..

by_dir.c

Only declare stacks in headers

2016-01-07 18:00:51 +00:00

by_file.c

Remove BIO_s_file_internal macro.

2015-10-02 14:22:05 -04:00

Makefile.in

Remove update tags

2016-01-20 09:09:14 -05:00

t_crl.c

Remove useless code

2015-10-23 19:52:08 +02:00

t_req.c

Fix path in comments

2015-09-22 16:47:09 +01:00

t_x509.c

New function X509_get0_pubkey

2015-12-14 23:06:14 +00:00

x509_att.c

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

x509_cmp.c

Check Suite-B constraints with EE DANE records

2016-01-20 18:59:46 -05:00

x509_d2.c

Fix no-stdio build

2015-09-29 21:59:19 -04:00

x509_def.c

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

x509_err.c

DANE support for X509_verify_cert()

2016-01-07 13:48:59 -05:00

x509_ext.c

Embed X509_CINF

2015-09-16 22:33:25 +01:00

x509_lcl.h

Only declare stacks in headers

2016-01-07 18:00:51 +00:00

x509_lu.c

Remove useless locking code

2015-11-24 22:38:32 +01:00

x509_obj.c

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

x509_r2x.c

Embed X509_REQ_INFO

2015-09-16 22:33:25 +01:00

x509_req.c

make EVP_PKEY opaque

2016-01-20 03:24:59 +00:00

x509_set.c

Add new X509 accessors

2015-11-14 00:13:08 +00:00

x509_trs.c

Reject when explicit trust EKU are set and none match.

2016-01-20 19:03:36 -05:00

x509_txt.c

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

x509_v3.c

embed value field of X509_EXTENSION

2015-10-15 15:36:58 +01:00

x509_vfy.c

Check Suite-B constraints with EE DANE records

2016-01-20 18:59:46 -05:00

x509_vpm.c

Empty SNI names are not valid

2016-01-16 17:15:28 -05:00

x509cset.c

embed CRL serial number and signature fields

2015-10-15 15:36:58 +01:00

x509name.c

Identify and move common internal libcrypto header files

2015-05-14 17:21:40 +02:00

x509rset.c

Embed X509_REQ_INFO

2015-09-16 22:33:25 +01:00

x509spki.c

Continue standardising malloc style for libcrypto

2015-11-09 22:48:41 +00:00

x509type.c

make EVP_PKEY opaque

2016-01-20 03:24:59 +00:00

x_all.c

embed CRL serial number and signature fields

2015-10-15 15:36:58 +01:00

x_attrib.c

Fix path in comments

2015-09-22 16:47:09 +01:00

x_crl.c

Continue standardising malloc style for libcrypto

2015-11-09 22:48:41 +00:00

x_exten.c

embed value field of X509_EXTENSION

2015-10-15 15:36:58 +01:00

x_name.c

Only declare stacks in headers

2016-01-07 18:00:51 +00:00

x_req.c

Fix path in comments

2015-09-22 16:47:09 +01:00

x_x509.c

Drop cached certificate signature validity flag

2016-01-18 13:20:48 -05:00

x_x509a.c

Add new X509 accessors

2015-11-14 00:13:08 +00:00