diff options
author | sthen <> | 2017-01-01 15:15:36 +0000 |
---|---|---|
committer | sthen <> | 2017-01-01 15:15:36 +0000 |
commit | 6aa05405d0f9fa9421ab0d6566ad1a33c4722163 (patch) | |
tree | b93bb35b664837834325b6c725f941074b6d2c00 /src/lib/libtls/tls_peer.c | |
parent | b6a4a6abadee9e623e9b7e8f318e25c5681e2dc3 (diff) | |
download | openbsd-6aa05405d0f9fa9421ab0d6566ad1a33c4722163.tar.gz openbsd-6aa05405d0f9fa9421ab0d6566ad1a33c4722163.tar.bz2 openbsd-6aa05405d0f9fa9421ab0d6566ad1a33c4722163.zip |
Various work on cert.pem, ok bcook@
- print/sort using the full certificate subject rather than a pretty-printed
subset (as done in the current version of format-pem.pl); previously this was
resulting in a problem where a CN conflict resulted in the GlobalSign R2 CA
accidentally getting dropped in r1.10; problem found by Steven McDonald
- remove CA certificates that are no longer present in the CA store of the
release branch of Mozilla - possible now that libressl has support for
alternate chains (libcrypto/x509/x509_vfy.c r1.52)
- add new CA certificates from Mozilla's store from those organisations
which we already list
Diffstat (limited to 'src/lib/libtls/tls_peer.c')
0 files changed, 0 insertions, 0 deletions