summaryrefslogtreecommitdiff
path: root/lib/libcrypto/x509/x509_vfy.c
AgeCommit message (Expand)Author
2021-10-24Prepare to provide a number of X509_STORE_CTX_* setters.Theo Buehler
2021-10-24Prepare to provide X509_STORE_CTX_get_num_untrusted()Theo Buehler
2021-09-03Call the callback on success in new verifier in a compatible wayBob Beck
2021-08-28Get rid of historical code to extract the roots in the legacy case.Bob Beck
2021-08-19Pull roots out of the trust store in the legacy xsc when building chainsBob Beck
2021-02-25Fix two bugs in the legacy verifierTheo Buehler
2021-02-11KNFTheo Buehler
2020-11-18Plug a big memory leak in the new validatorTheo Buehler
2020-11-18Move freeing of the verify context to its natural place instead ofTheo Buehler
2020-11-18KNF (whitespace)Theo Buehler
2020-09-26jumping into the x509 fray with a bunch of whitespace repairTheo de Raadt
2020-09-20KNF/whitespace nitsTheo Buehler
2020-09-15Deduplicate the time validation code between the legacy and newBob Beck
2020-09-14remove unneded variable "time1"Bob Beck
2020-09-14Correctly fix double free introduced on review.Bob Beck
2020-09-14Fix double free - review moved the pop_free of roots to x509_verify_ctx_freeBob Beck
2020-09-13Add new x509 certificate chain validator in x509_verify.cBob Beck
2020-09-12Change over to use the new x509 name constraints verification.Bob Beck
2020-05-31When building a chain look for non-expired certificates first.Joel Sing
2019-03-06Typo in comment.Theo Buehler
2018-08-19Don't leak sktmp in X509_verify_cert().Theo Buehler
2018-04-08Fail early if an X509_VERIFY_PARAM is poisoned - don't allowBob Beck
2018-04-06poison for X509_VERIFY_PARAM'sBob Beck
2018-02-22Provide X509_STORE_CTX_get0_chain() and X509_STORE_CTX_get0_store().Joel Sing
2018-02-14Provide X509_STORE_CTX_get0_{cert,untrusted}() andJoel Sing
2017-08-27Make the symbol for ASN1_time_tm_clamp_notafter visible so libtlsBob Beck
2017-08-13Add ability to clamp a notafter to values representable in a 32 bit time_tBob Beck
2017-04-28Revert previous change that forced consistency between return value andBob Beck
2017-04-28revert previous accidental commitBob Beck
2017-04-28*** empty log message ***Bob Beck
2017-02-05Kill leak introduced with refactorBob Beck
2017-01-29Send the function codes from the error functions to the bit bucket,Bob Beck
2017-01-21fix bogus commentBob Beck
2017-01-21Make return value of X509_verify_cert be consistent with the error code,Bob Beck
2017-01-20Rework internal_verify, mostly from OpenSSL. so we can progressBob Beck
2017-01-07Add and remove some blank lines, in order to make X509_verify_cert()Joel Sing
2017-01-07Revert part of r1.54 as there are at least two situations where we are stillJoel Sing
2017-01-03Add a small bit of belt and suspenders around ERR_V_OK with X509_STORE_ctxBob Beck
2017-01-03bring in boring's internal check_trust function to fix a bug introducedBob Beck
2016-11-06Rework X509_verify_cert to support alt chains on certificate verification,Bob Beck
2016-11-04make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hiddenBob Beck
2016-10-02In X509_cmp_time(), pass asn1_time_parse() the tag of the field beingPhilip Guenther
2016-03-11X509_free(3) is NULL-safe, so remove NULL checks before its calls.Michael McConville
2015-12-14initialize ok to 0Bob Beck
2015-10-19Stop supporing "legcay" time formats that OpenSSL supports. Rewrite theBob Beck
2015-10-02Flense the greasy black guts of unreadble string parsing code out of three areasBob Beck
2015-09-14Add support for disabling certificate and CRL validity checking.Joel Sing
2015-07-19Now that it is safe to invoke X509_STORE_CTX_cleanup() if X509_STORE_CTX_init()Miod Vallat
2015-07-19Simplify X509_STORE_CTX_init and make it safe with stack variables.Doug Hogan
2015-06-11Avoid a potential out-of-bounds read in X509_cmp_time(), due to missingJoel Sing
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-24 04:17:28 +0000