summaryrefslogtreecommitdiff
path: root/lib/libcrypto/x509/x509_verify.c
AgeCommit message (Expand)Author
2023-05-07Remove a misplaced empty lineTheo Buehler
2023-04-28Enable policy checking by default now that we are DAG implementation based.Bob Beck
2023-04-16Remove some dead code from the new verifierTheo Buehler
2023-01-20Refactor x509v3_cache_extensionsJob Snijders
2023-01-17Don't do policy checking unless we were asked to do so.Bob Beck
2022-10-17Store errors that result from leaf certificate verification.Joel Sing
2022-08-05Remove overly aggressive trust check in legacy verifier that breaksBob Beck
2022-06-28Take away bogus error assignment before callback call.Bob Beck
2022-06-28Fix the legacy verifier callback behaviour for untrusted certs.Bob Beck
2022-06-27Allow security_level to mestastasize into the verifierTheo Buehler
2022-06-25Move leaf certificate checks to the last thing after chain validation.Bob Beck
2022-04-12KNF for a brace and zap trailing blank lineTheo Buehler
2021-11-24In some situations, the verifier would discard the error on an unvalidatedBob Beck
2021-11-14Put curly brace on the correct line.Joel Sing
2021-11-07In X509_STORE_CTX rename the misnamed last_untrusted to num_untrustedTheo Buehler
2021-11-04Cache sha512 hash and parsed not_before and not_after with X509 cert.Bob Beck
2021-10-26Add RFC 3779 checks to both legacy and new verifierJob Snijders
2021-09-09When calling the legacy callback, ensure we catch the case where itBob Beck
2021-09-03Call the callback on success in new verifier in a compatible wayBob Beck
2021-08-30Revert previous change that changed our default return for unable toBob Beck
2021-08-30Fix Jan's regress in openssl/x509 to do what it says it does,Bob Beck
2021-08-29Don't call the verify callback twice on success.Bob Beck
2021-08-28Get rid of historical code to extract the roots in the legacy case.Bob Beck
2021-08-28Remove the "dump_chain" flag and code. This was a workaround for a problem whereBob Beck
2021-08-19Pull roots out of the trust store in the legacy xsc when building chainsBob Beck
2021-08-18Add a check_trust call to the legacy chain validation on chain add, rememberingBob Beck
2021-08-18Refactor the legacy chain validation from the chain adding code into itsBob Beck
2021-07-12Use the x509_verify_cert_cache_extensions fuction instead of manuallyBob Beck
2021-07-10Add a bunch of workarond in the verifier to support partial chains andBob Beck
2021-04-28Revert "Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in newTheo Buehler
2021-03-13Use EXFLAG_INVALID to handle out of memory and parse errors intobhe
2021-03-12Fix checks of memory caps of constraints namesTheo Buehler
2021-02-26Set is_trusted in x509_verify_ctx_add_chain()Theo Buehler
2021-02-25Rename depth to num_untrusted so it identifies what it actually represents.Joel Sing
2021-02-25Avoid passing last and depth to x509_verify_cert_error() on ENOMEM.Joel Sing
2021-02-24Make the new validator check for EXFLAG_CRITICALTheo Buehler
2021-01-09Set chain on xsc on chain build failure.Joel Sing
2021-01-09Bail out early after finding an single chain if we are have been called fromBob Beck
2021-01-08search the intermediates only after searching the root certs, clarifyBob Beck
2021-01-05Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in new verifier.Joel Sing
2021-01-05Gracefully handle root certificates being both trusted and untrusted.Joel Sing
2020-12-16Remove two reduntat memset calls.Theo Buehler
2020-11-18Plug leak in x509_verify_chain_dup()Theo Buehler
2020-11-18zap ugly empty line before closing braceTheo Buehler
2020-11-16Use X509_V_OK instead of 0.Joel Sing
2020-11-16Add back an X509_STORE_CTX error code assignment.Joel Sing
2020-11-15Return the specific failure for a "self signed certificate" in the chainBob Beck
2020-11-11Handle additional certificate error cases in new X.509 verifier.Joel Sing
2020-11-03Fix bad indent.Joel Sing
2020-11-03Hook X509_STORE_CTX get_issuer() callback from new X509 verifier.Joel Sing