#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
5ab3f71a |
| 21-Mar-2023 |
Tomas Mraz |
Fix documentation of X509_VERIFY_PARAM_add0_policy() The function was incorrectly documented as enabling policy checking. Fixes: CVE-2023-0466 Reviewed-by: Paul Dale <pauli
Fix documentation of X509_VERIFY_PARAM_add0_policy() The function was incorrectly documented as enabling policy checking. Fixes: CVE-2023-0466 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20561)
show more ...
|
#
ec6cbda0 |
| 16-Jan-2023 |
Dr. David von Oheimb |
X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_clear_flags doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gma
X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_clear_flags doc Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20052)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
cbb6f4db |
| 18-Feb-2022 |
Carlo Teubner <435950+c4rlo@users.noreply.github.com> |
X509_VERIFY_PARAM_set_flags.pod: fix typos CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.co
X509_VERIFY_PARAM_set_flags.pod: fix typos CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17731)
show more ...
|
#
e304aa87 |
| 02-Jan-2022 |
Dimitris Apostolou |
Fix typos Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17392)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j |
|
#
4acda863 |
| 16-Feb-2021 |
Dr. David von Oheimb |
DOC: Clarify the role of EKUs including defaults for TLS client and server use Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14199)
|
#
38fc02a7 |
| 17-Jun-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15801)
|
Revision tags: openssl-3.0.0-alpha11, openssl-3.0.0-alpha10 |
|
#
f9ac6f69 |
| 23-Dec-2020 |
Dr. David von Oheimb |
Improve the documentation of cert path building and validation Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13735)
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
0495a3ec |
| 17-Aug-2020 |
Rich Salz |
Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() This adds a flag, OCSP_PARTIAL_CHAIN, to the OCSP_basic_verify() function. This is equivlent to X509_V_FLAG_PARTIAL_CHAIN, in that if a
Add OCSP_PARTIAL_CHAIN to OCSP_basic_verify() This adds a flag, OCSP_PARTIAL_CHAIN, to the OCSP_basic_verify() function. This is equivlent to X509_V_FLAG_PARTIAL_CHAIN, in that if any certificate in the OCSP response is in the trust store, then trust it. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12666)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5 |
|
#
0b670a21 |
| 03-Jul-2020 |
Dr. David von Oheimb |
x509_vfy.c: Improve key usage checks in internal_verify() of cert chains If a presumably self-signed cert is last in chain we verify its signature only if X509_V_FLAG_CHECK_SS_SIGNATURE
x509_vfy.c: Improve key usage checks in internal_verify() of cert chains If a presumably self-signed cert is last in chain we verify its signature only if X509_V_FLAG_CHECK_SS_SIGNATURE is set. Upon this request we do the signature verification, but not in case it is a (non-conforming) self-issued CA certificate with a key usage extension that does not include keyCertSign. Make clear when we must verify the signature of a certificate and when we must adhere to key usage restrictions of the 'issuing' cert. Add some comments for making internal_verify() easier to understand. Update the documentation of X509_V_FLAG_CHECK_SS_SIGNATURE accordingly. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12375)
show more ...
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
ade08735 |
| 23-Dec-2019 |
Dr. David von Oheimb |
Improve documentation, layout, and code comments regarding self-issued certs etc. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1
Improve documentation, layout, and code comments regarding self-issued certs etc. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10587)
show more ...
|
#
278260bf |
| 30-Apr-2020 |
Dr. David von Oheimb |
Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. Add X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), and X509_VERIFY_PARAM_get1_ip_asc() to support
Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. Add X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), and X509_VERIFY_PARAM_get1_ip_asc() to support this, as well as the internal helper function ipaddr_to_asc(), which is used also for simplifying other IP address output functions. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11693)
show more ...
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
#
8cc86b81 |
| 23-Mar-2020 |
Dr. David von Oheimb |
Constify various mostly X509-related parameter types in crypto/ and apps/ in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *, also some result types of new functions, which
Constify various mostly X509-related parameter types in crypto/ and apps/ in particular X509_NAME*, X509_STORE{,_CTX}*, and ASN1_INTEGER *, also some result types of new functions, which does not break compatibility Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/10504)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
25d7cd1d |
| 22-Nov-2019 |
Dr. David von Oheimb |
add X509_cmp_timeframe() including its documentation Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openss
add X509_cmp_timeframe() including its documentation Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10502)
show more ...
|
#
1903a9b7 |
| 01-Nov-2019 |
Rich Salz |
Fix L<xxx(1)> links to be L<openssl-xxx(1)> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://gi
Fix L<xxx(1)> links to be L<openssl-xxx(1)> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10328)
show more ...
|
#
9c0586d5 |
| 27-Sep-2019 |
Rich Salz |
Fix errors found by new find-doc-nits Also patch find-doc-nits to ignore a Microsoft trademark and not flag it as a spelling error. Reviewed-by: Richard Levitte <levitte@openssl
Fix errors found by new find-doc-nits Also patch find-doc-nits to ignore a Microsoft trademark and not flag it as a spelling error. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10023)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
cda77422 |
| 15-Aug-2019 |
Rich Salz |
Use EXAMPLES not EXAMPLE for section title And update find-doc-nits to complain if "=head1 EXAMPLE" is found. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Mat
Use EXAMPLES not EXAMPLE for section title And update find-doc-nits to complain if "=head1 EXAMPLE" is found. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/9602)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
fc5ecadd |
| 09-Dec-2018 |
Dr. Matthias St. Pierre |
man: harmonize the various formulations in the HISTORY sections While stereotyped repetitions are frowned upon in literature, they serve a useful purpose in manual pages, because it is e
man: harmonize the various formulations in the HISTORY sections While stereotyped repetitions are frowned upon in literature, they serve a useful purpose in manual pages, because it is easier for the user to find certain information if it is always presented in the same way. For that reason, this commit harmonizes the varying formulations in the HISTORY section about which functions, flags, etc. were added in which OpenSSL version. It also attempts to make the pod files more grep friendly by avoiding to insert line breaks between the symbol names and the corresponding version number in which they were introduced (wherever possible). Some punctuation and typographical errors were fixed on the way. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7854)
show more ...
|
#
4746f25a |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in doc/man3/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/78
Following the license change, modify the boilerplates in doc/man3/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7829)
show more ...
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i |
|
#
6e501c47 |
| 21-Jun-2018 |
Pauli |
Fix spelling errors in documentation. Also fix some clumsy wording. [skip_ci] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/open
Fix spelling errors in documentation. Also fix some clumsy wording. [skip_ci] Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6545)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7 |
|
#
55a6250f |
| 22-May-2018 |
Viktor Dukhovni |
Skip CN DNS name constraint checks when not needed Only check the CN against DNS name contraints if the `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the certific
Skip CN DNS name constraint checks when not needed Only check the CN against DNS name contraints if the `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the certificate has no DNS subject alternative names or the `X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` flag is set. Add pertinent documentation, and touch up some stale text about name checks and DANE. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
#
4db296d9 |
| 02-May-2018 |
Matt Caswell |
Make X509_VERIFY_PARAM_get_hostflags() take a const arg Commit 5b748dea5 added this function which should have taken a const argument. Reviewed-by: Rich Salz <rsalz@openssl.org>
Make X509_VERIFY_PARAM_get_hostflags() take a const arg Commit 5b748dea5 added this function which should have taken a const argument. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6154)
show more ...
|
Revision tags: OpenSSL_1_1_1-pre6 |
|
#
5b748dea |
| 30-Apr-2018 |
Matt Caswell |
Add getter for X509_VERIFY_PARAM_get_hostflags Fixes #5061 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6139)
|