index
:
openbsd
OPENBSD_2_0
OPENBSD_2_1
OPENBSD_2_2
OPENBSD_2_3
OPENBSD_2_4
OPENBSD_2_5
OPENBSD_2_6
OPENBSD_2_7
OPENBSD_2_8
OPENBSD_2_9
OPENBSD_3_0
OPENBSD_3_1
OPENBSD_3_2
OPENBSD_3_3
OPENBSD_3_4
OPENBSD_3_5
OPENBSD_3_6
OPENBSD_3_7
OPENBSD_3_8
OPENBSD_3_9
OPENBSD_4_0
OPENBSD_4_1
OPENBSD_4_2
OPENBSD_4_3
OPENBSD_4_4
OPENBSD_4_5
OPENBSD_4_6
OPENBSD_4_7
OPENBSD_4_8
OPENBSD_4_9
OPENBSD_5_0
OPENBSD_5_1
OPENBSD_5_2
OPENBSD_5_3
OPENBSD_5_4
OPENBSD_5_5
OPENBSD_5_6
OPENBSD_5_7
OPENBSD_5_8
OPENBSD_5_9
OPENBSD_6_0
OPENBSD_6_1
OPENBSD_6_2
OPENBSD_6_3
OPENBSD_6_4
OPENBSD_6_5
OPENBSD_6_6
OPENBSD_6_7
OPENBSD_6_8
OPENBSD_6_9
OPENBSD_7_0
OPENBSD_7_1
OPENBSD_7_2
OPENBSD_7_3
OPENBSD_7_4
OPENBSD_7_5
OPENBSD_7_6
master
A mirror of https://github.com/libressl/openbsd.git
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
src
/
lib
/
libcrypto
/
x509
/
x509_verify.c
(
follow
)
Commit message (
Expand
)
Author
Age
Files
Lines
*
Cache CRLs in issuer cache
tb
2025-02-08
1
-1
/
+2
*
x509_verify_parent_signature(): no need to bump pkey's refcount
tb
2025-02-08
1
-4
/
+2
*
x509_verify: missing verify error on cached signature mismatch
tb
2025-02-08
1
-2
/
+5
*
Fix non-xsc path in x509_verify_potential_parent()
tb
2024-06-07
1
-2
/
+2
*
Remove notBefore and notAfter cacheing.
beck
2024-04-08
1
-35
/
+11
*
Fix the verifier to use the trust store
beck
2024-02-01
1
-1
/
+13
*
Eliminate the timegm(3) dependency in libcrypto
tb
2023-11-13
1
-11
/
+27
*
Remove a misplaced empty line
tb
2023-05-07
1
-2
/
+1
*
Enable policy checking by default now that we are DAG implementation based.
beck
2023-04-28
1
-3
/
+2
*
Remove some dead code from the new verifier
tb
2023-04-16
1
-7
/
+1
*
Refactor x509v3_cache_extensions
job
2023-01-20
1
-10
/
+2
*
Don't do policy checking unless we were asked to do so.
beck
2023-01-17
1
-2
/
+3
*
Store errors that result from leaf certificate verification.
jsing
2022-10-17
1
-8
/
+12
*
Remove overly aggressive trust check in legacy verifier that breaks
beck
2022-08-05
1
-15
/
+4
*
Take away bogus error assignment before callback call.
beck
2022-06-28
1
-2
/
+1
*
Fix the legacy verifier callback behaviour for untrusted certs.
beck
2022-06-28
1
-17
/
+44
*
Allow security_level to mestastasize into the verifier
tb
2022-06-27
1
-1
/
+4
*
Move leaf certificate checks to the last thing after chain validation.
beck
2022-06-25
1
-19
/
+32
*
KNF for a brace and zap trailing blank line
tb
2022-04-12
1
-3
/
+3
*
In some situations, the verifier would discard the error on an unvalidated
beck
2021-11-24
1
-46
/
+83
*
Put curly brace on the correct line.
jsing
2021-11-14
1
-2
/
+3
*
In X509_STORE_CTX rename the misnamed last_untrusted to num_untrusted
tb
2021-11-07
1
-3
/
+3
*
Cache sha512 hash and parsed not_before and not_after with X509 cert.
beck
2021-11-04
1
-94
/
+78
*
Add RFC 3779 checks to both legacy and new verifier
job
2021-10-26
1
-1
/
+9
*
When calling the legacy callback, ensure we catch the case where it
beck
2021-09-09
1
-2
/
+5
*
Call the callback on success in new verifier in a compatible way
beck
2021-09-03
1
-10
/
+36
*
Revert previous change that changed our default return for unable to
beck
2021-08-30
1
-11
/
+5
*
Fix Jan's regress in openssl/x509 to do what it says it does,
beck
2021-08-30
1
-5
/
+11
*
Don't call the verify callback twice on success.
beck
2021-08-29
1
-2
/
+1
*
Get rid of historical code to extract the roots in the legacy case.
beck
2021-08-28
1
-26
/
+29
*
Remove the "dump_chain" flag and code. This was a workaround for a problem where
beck
2021-08-28
1
-14
/
+3
*
Pull roots out of the trust store in the legacy xsc when building chains
beck
2021-08-19
1
-6
/
+14
*
Add a check_trust call to the legacy chain validation on chain add, remembering
beck
2021-08-18
1
-2
/
+10
*
Refactor the legacy chain validation from the chain adding code into its
beck
2021-08-18
1
-52
/
+70
*
Use the x509_verify_cert_cache_extensions fuction instead of manually
beck
2021-07-12
1
-9
/
+4
*
Add a bunch of workarond in the verifier to support partial chains and
beck
2021-07-10
1
-15
/
+131
*
Revert "Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in new
tb
2021-04-28
1
-4
/
+1
*
Use EXFLAG_INVALID to handle out of memory and parse errors in
tobhe
2021-03-13
1
-1
/
+5
*
Fix checks of memory caps of constraints names
tb
2021-03-12
1
-4
/
+7
*
Set is_trusted in x509_verify_ctx_add_chain()
tb
2021-02-26
1
-2
/
+2
*
Rename depth to num_untrusted so it identifies what it actually represents.
jsing
2021-02-25
1
-6
/
+6
*
Avoid passing last and depth to x509_verify_cert_error() on ENOMEM.
jsing
2021-02-25
1
-3
/
+2
*
Make the new validator check for EXFLAG_CRITICAL
tb
2021-02-24
1
-8
/
+15
*
Set chain on xsc on chain build failure.
jsing
2021-01-09
1
-1
/
+3
*
Bail out early after finding an single chain if we are have been called from
beck
2021-01-09
1
-1
/
+9
*
search the intermediates only after searching the root certs, clarify
beck
2021-01-08
1
-11
/
+15
*
Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in new verifier.
jsing
2021-01-05
1
-1
/
+4
*
Gracefully handle root certificates being both trusted and untrusted.
jsing
2021-01-05
1
-3
/
+14
*
Remove two reduntat memset calls.
tb
2020-12-16
1
-3
/
+1
*
Plug leak in x509_verify_chain_dup()
tb
2020-11-18
1
-2
/
+2
[next]
