summaryrefslogtreecommitdiff
path: root/lib/libcrypto/x509/x509_vfy.c
AgeCommit message (Expand)Author
2022-11-26Make internal header file names consistentTheo Buehler
2022-11-17Revert "Check certificate extensions in trusted certificates"Bob Beck
2022-11-14Hide public symbols in libcrypto/x509 .c filesBob Beck
2022-11-13Check certificate extensions in trusted certificates.Bob Beck
2022-08-31Switch loop bounds from size_t to int in check_hosts()Theo Buehler
2022-06-27Allow security_level to mestastasize into the verifierTheo Buehler
2022-01-22X509_GET_PUBKEY(3) return value check in libcryptoKinichiro Inoguchi
2021-11-26Bugfix in X509_get_pubkey_parameters(3):Ingo Schwarze
2021-11-26Simplify the code in X509_get_pubkey_parameters(3)Ingo Schwarze
2021-11-24In some situations, the verifier would discard the error on an unvalidatedBob Beck
2021-11-13Fix a bug in check_crl_time() that could result in incompleteIngo Schwarze
2021-11-07In X509_STORE_CTX, rename the X509_STORE store rather than ctx.Theo Buehler
2021-11-07In X509_STORE_CTX rename the misnamed last_untrusted to num_untrustedTheo Buehler
2021-11-04Cache sha512 hash and parsed not_before and not_after with X509 cert.Bob Beck
2021-11-01Move the now internal X.509-related structs into x509_lcl.h.Theo Buehler
2021-10-26Add RFC 3779 checks to both legacy and new verifierJob Snijders
2021-10-24Prepare to provide a number of X509_STORE_CTX_* setters.Theo Buehler
2021-10-24Prepare to provide X509_STORE_CTX_get_num_untrusted()Theo Buehler
2021-09-03Call the callback on success in new verifier in a compatible wayBob Beck
2021-08-28Get rid of historical code to extract the roots in the legacy case.Bob Beck
2021-08-19Pull roots out of the trust store in the legacy xsc when building chainsBob Beck
2021-02-25Fix two bugs in the legacy verifierTheo Buehler
2021-02-11KNFTheo Buehler
2020-11-18Plug a big memory leak in the new validatorTheo Buehler
2020-11-18Move freeing of the verify context to its natural place instead ofTheo Buehler
2020-11-18KNF (whitespace)Theo Buehler
2020-09-26jumping into the x509 fray with a bunch of whitespace repairTheo de Raadt
2020-09-20KNF/whitespace nitsTheo Buehler
2020-09-15Deduplicate the time validation code between the legacy and newBob Beck
2020-09-14remove unneded variable "time1"Bob Beck
2020-09-14Correctly fix double free introduced on review.Bob Beck
2020-09-14Fix double free - review moved the pop_free of roots to x509_verify_ctx_freeBob Beck
2020-09-13Add new x509 certificate chain validator in x509_verify.cBob Beck
2020-09-12Change over to use the new x509 name constraints verification.Bob Beck
2020-05-31When building a chain look for non-expired certificates first.Joel Sing
2019-03-06Typo in comment.Theo Buehler
2018-08-19Don't leak sktmp in X509_verify_cert().Theo Buehler
2018-04-08Fail early if an X509_VERIFY_PARAM is poisoned - don't allowBob Beck
2018-04-06poison for X509_VERIFY_PARAM'sBob Beck
2018-02-22Provide X509_STORE_CTX_get0_chain() and X509_STORE_CTX_get0_store().Joel Sing
2018-02-14Provide X509_STORE_CTX_get0_{cert,untrusted}() andJoel Sing
2017-08-27Make the symbol for ASN1_time_tm_clamp_notafter visible so libtlsBob Beck
2017-08-13Add ability to clamp a notafter to values representable in a 32 bit time_tBob Beck
2017-04-28Revert previous change that forced consistency between return value andBob Beck
2017-04-28revert previous accidental commitBob Beck
2017-04-28*** empty log message ***Bob Beck
2017-02-05Kill leak introduced with refactorBob Beck
2017-01-29Send the function codes from the error functions to the bit bucket,Bob Beck
2017-01-21fix bogus commentBob Beck
2017-01-21Make return value of X509_verify_cert be consistent with the error code,Bob Beck
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-11 18:15:30 +0000