openbsd/src/lib/libcrypto/Makefile, branch libressl-v3.3.5

openbsd/src/lib/libcrypto/Makefile, branch libressl-v3.3.5 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.3.5 2020-09-13T15:06:17+00:00 Add new x509 certificate chain validator in x509_verify.c 2020-09-13T15:06:17+00:00 beck 2020-09-13T15:06:17+00:00 urn:sha1:0a0ab802381c0d9f772240ce6370d981bc30962c The new validator finds multiple validated chains to handle the modern PKI cases which may frequently have multiple paths via different intermediates to different roots. It is loosely based on golang's x509 validator This includes integration so that the new validator can be used via X509_verify_cert() as well as a new api x509_verify() which will return multiple chains (similar to go). The new validator is not enabled by default with this commit, this will be changed in a follow on commit. The new public API is not yet exposed, and will be finalized and exposed with a man page and a library minor bump later. ok tb@ inoguchi@ jsing@ Add x509_constraints.c - a new implementation of x509 name constraints, with 2020-09-11T18:34:29+00:00 beck 2020-09-11T18:34:29+00:00 urn:sha1:86186e0432ea06c0067e1a468d1c13e49bbce996 regression tests. The use of the new name constraints is not yet activated in x509_vfy.c and will be activated in a follow on commit ok jsing@ Add issuer cache, to be used by upcoming changes to validation code. 2020-09-11T14:30:51+00:00 beck 2020-09-11T14:30:51+00:00 urn:sha1:3f94bbeb8d667f9b44b1fd8468aeecc743f55df0 ok tb@ jsing@ The check_includes step is incorrect dependency management model for 2020-06-09T16:53:53+00:00 deraadt 2020-06-09T16:53:53+00:00 urn:sha1:baa0c5c5165ab0d82f8bf0f78e00dcc807069782 how our tree gets built. If this was done in all the libraries (imagine sys/dev), it would disrupt the development process hugely. So it should not be done here either. use 'make includes' by hand instead. One error file per directory is plenty. 2020-06-05T15:28:33+00:00 jsing 2020-06-05T15:28:33+00:00 urn:sha1:e1c247101424817aefc1d54f2fe3f97306b9408c Collapse the x509v3 directory into x509. 2020-06-04T15:19:32+00:00 jsing 2020-06-04T15:19:32+00:00 urn:sha1:54be78391ecf439660a72dd7e17b1c2fd9b8a3f6 This avoids the need to grep across directories to find functions and prepares for further rototilling and chainsawing. Discussed with tb@ (who also tested the release build) Add checks to ensure that lib{crypto,ssl,tls} public headers have actually 2020-01-22T07:58:28+00:00 jsing 2020-01-22T07:58:28+00:00 urn:sha1:dc84fb2cb29e63e7e897d76ae53fe48add525348 been installed prior to building. Requested by and ok tb@ Simplify header installation by combining the HDRS and HDRS_GEN loops. 2020-01-22T06:56:50+00:00 jsing 2020-01-22T06:56:50+00:00 urn:sha1:00fdbbfa87e47bc65693fde07da45f941d7a79e8 ok beck@ Enable CMS in LibreSSL. 2019-11-02T13:38:04+00:00 jsing 2019-11-02T13:38:04+00:00 urn:sha1:febb3aef76a0edfd6172dd0ce765a77802118e4a ok bcook@ deraadt@ inoguchi@ job@ tb@ Install the openssl/cms.h header. 2019-09-09T16:49:03+00:00 jsing 2019-09-09T16:49:03+00:00 urn:sha1:abd74d4befd8d8f19bbbf5890da7b2979ac3c251 This header includes OPENSSL_NO_CMS guards, so even if things find the header it provides no useful content (and other code should technically also be using OPENSSL_NO_CMS...). ok deraadt@ inoguchi@