summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_verify.c (follow)
Commit message (Expand)AuthorAgeFilesLines
* Store errors that result from leaf certificate verification.jsing2022-10-171-8/+12
* Remove overly aggressive trust check in legacy verifier that breaksbeck2022-08-051-15/+4
* Take away bogus error assignment before callback call.beck2022-06-281-2/+1
* Fix the legacy verifier callback behaviour for untrusted certs.beck2022-06-281-17/+44
* Allow security_level to mestastasize into the verifiertb2022-06-271-1/+4
* Move leaf certificate checks to the last thing after chain validation.beck2022-06-251-19/+32
* KNF for a brace and zap trailing blank linetb2022-04-121-3/+3
* In some situations, the verifier would discard the error on an unvalidatedbeck2021-11-241-46/+83
* Put curly brace on the correct line.jsing2021-11-141-2/+3
* In X509_STORE_CTX rename the misnamed last_untrusted to num_untrustedtb2021-11-071-3/+3
* Cache sha512 hash and parsed not_before and not_after with X509 cert.beck2021-11-041-94/+78
* Add RFC 3779 checks to both legacy and new verifierjob2021-10-261-1/+9
* When calling the legacy callback, ensure we catch the case where itbeck2021-09-091-2/+5
* Call the callback on success in new verifier in a compatible waybeck2021-09-031-10/+36
* Revert previous change that changed our default return for unable tobeck2021-08-301-11/+5
* Fix Jan's regress in openssl/x509 to do what it says it does,beck2021-08-301-5/+11
* Don't call the verify callback twice on success.beck2021-08-291-2/+1
* Get rid of historical code to extract the roots in the legacy case.beck2021-08-281-26/+29
* Remove the "dump_chain" flag and code. This was a workaround for a problem wherebeck2021-08-281-14/+3
* Pull roots out of the trust store in the legacy xsc when building chainsbeck2021-08-191-6/+14
* Add a check_trust call to the legacy chain validation on chain add, rememberingbeck2021-08-181-2/+10
* Refactor the legacy chain validation from the chain adding code into itsbeck2021-08-181-52/+70
* Use the x509_verify_cert_cache_extensions fuction instead of manuallybeck2021-07-121-9/+4
* Add a bunch of workarond in the verifier to support partial chains andbeck2021-07-101-15/+131
* Revert "Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in newtb2021-04-281-4/+1
* Use EXFLAG_INVALID to handle out of memory and parse errors intobhe2021-03-131-1/+5
* Fix checks of memory caps of constraints namestb2021-03-121-4/+7
* Set is_trusted in x509_verify_ctx_add_chain()tb2021-02-261-2/+2
* Rename depth to num_untrusted so it identifies what it actually represents.jsing2021-02-251-6/+6
* Avoid passing last and depth to x509_verify_cert_error() on ENOMEM.jsing2021-02-251-3/+2
* Make the new validator check for EXFLAG_CRITICALtb2021-02-241-8/+15
* Set chain on xsc on chain build failure.jsing2021-01-091-1/+3
* Bail out early after finding an single chain if we are have been called frombeck2021-01-091-1/+9
* search the intermediates only after searching the root certs, clarifybeck2021-01-081-11/+15
* Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in new verifier.jsing2021-01-051-1/+4
* Gracefully handle root certificates being both trusted and untrusted.jsing2021-01-051-3/+14
* Remove two reduntat memset calls.tb2020-12-161-3/+1
* Plug leak in x509_verify_chain_dup()tb2020-11-181-2/+2
* zap ugly empty line before closing bracetb2020-11-181-2/+1
* Use X509_V_OK instead of 0.jsing2020-11-161-4/+3
* Add back an X509_STORE_CTX error code assignment.jsing2020-11-161-2/+3
* Return the specific failure for a "self signed certificate" in the chainbeck2020-11-151-1/+14
* Handle additional certificate error cases in new X.509 verifier.jsing2020-11-111-11/+77
* Fix bad indent.jsing2020-11-031-7/+6
* Hook X509_STORE_CTX get_issuer() callback from new X509 verifier.jsing2020-11-031-3/+17
* Add a safety net to ensure that we set an error on the store context.tb2020-10-261-1/+3
* If x509_verify() fails, ensure that the error is also set on the storetb2020-10-261-10/+15
* Make sure that x509_vfy_check_id() failure also sets ctx->error, not onlytb2020-10-261-3/+8
* Ensure leaf is set up on X509_STORE_CTX before verification.jsing2020-09-261-9/+7
* Ensure chain is set on the X509_STORE_CTX before triggering callback.jsing2020-09-231-12/+39