| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | Call the callback on success in new verifier in a compatible way | beck | 2021-09-03 | 1 | -5/+17 |
| * | Get rid of historical code to extract the roots in the legacy case. | beck | 2021-08-28 | 1 | -49/+2 |
| * | Pull roots out of the trust store in the legacy xsc when building chains | beck | 2021-08-19 | 1 | -1/+10 |
| * | Fix two bugs in the legacy verifier | tb | 2021-02-25 | 1 | -6/+10 |
| * | KNF | tb | 2021-02-11 | 1 | -4/+7 |
| * | Plug a big memory leak in the new validator | tb | 2020-11-18 | 1 | -1/+6 |
| * | Move freeing of the verify context to its natural place instead of | tb | 2020-11-18 | 1 | -2/+2 |
| * | KNF (whitespace) | tb | 2020-11-18 | 1 | -2/+2 |
| * | jumping into the x509 fray with a bunch of whitespace repair | deraadt | 2020-09-26 | 1 | -6/+6 |
| * | KNF/whitespace nits | tb | 2020-09-20 | 1 | -4/+5 |
| * | Deduplicate the time validation code between the legacy and new | beck | 2020-09-15 | 1 | -24/+2 |
| * | remove unneded variable "time1" | beck | 2020-09-14 | 1 | -6/+6 |
| * | Correctly fix double free introduced on review. | beck | 2020-09-14 | 1 | -1/+2 |
| * | Fix double free - review moved the pop_free of roots to x509_verify_ctx_free | beck | 2020-09-14 | 1 | -2/+1 |
| * | Add new x509 certificate chain validator in x509_verify.c | beck | 2020-09-13 | 1 | -48/+180 |
| * | Change over to use the new x509 name constraints verification. | beck | 2020-09-12 | 1 | -28/+7 |
| * | When building a chain look for non-expired certificates first. | jsing | 2020-05-31 | 1 | -8/+29 |
| * | Typo in comment. | tb | 2019-03-06 | 1 | -2/+2 |
| * | Don't leak sktmp in X509_verify_cert(). | tb | 2018-08-19 | 1 | -5/+5 |
| * | Fail early if an X509_VERIFY_PARAM is poisoned - don't allow | beck | 2018-04-08 | 1 | -8/+10 |
| * | poison for X509_VERIFY_PARAM's | beck | 2018-04-06 | 1 | -3/+10 |
| * | Provide X509_STORE_CTX_get0_chain() and X509_STORE_CTX_get0_store(). | jsing | 2018-02-22 | 1 | -3/+17 |
| * | Provide X509_STORE_CTX_get0_{cert,untrusted}() and | jsing | 2018-02-14 | 1 | -1/+25 |
| * | Make the symbol for ASN1_time_tm_clamp_notafter visible so libtls | beck | 2017-08-27 | 1 | -1/+3 |
| * | Add ability to clamp a notafter to values representable in a 32 bit time_t | beck | 2017-08-13 | 1 | -5/+21 |
| * | Revert previous change that forced consistency between return value and | beck | 2017-04-28 | 1 | -10/+2 |
| * | revert previous accidental commit | beck | 2017-04-28 | 1 | -2/+10 |
| * | *** empty log message *** | beck | 2017-04-28 | 1 | -10/+2 |
| * | Kill leak introduced with refactor | beck | 2017-02-05 | 1 | -3/+6 |
| * | Send the function codes from the error functions to the bit bucket, | beck | 2017-01-29 | 1 | -29/+19 |
| * | fix bogus comment | beck | 2017-01-21 | 1 | -2/+2 |
| * | Make return value of X509_verify_cert be consistent with the error code, | beck | 2017-01-21 | 1 | -2/+10 |
| * | Rework internal_verify, mostly from OpenSSL. so we can progress | beck | 2017-01-20 | 1 | -102/+102 |
| * | Add and remove some blank lines, in order to make X509_verify_cert() | jsing | 2017-01-07 | 1 | -6/+4 |
| * | Revert part of r1.54 as there are at least two situations where we are still | jsing | 2017-01-07 | 1 | -4/+2 |
| * | Add a small bit of belt and suspenders around ERR_V_OK with X509_STORE_ctx | beck | 2017-01-03 | 1 | -2/+20 |
| * | bring in boring's internal check_trust function to fix a bug introduced | beck | 2017-01-03 | 1 | -24/+79 |
| * | Rework X509_verify_cert to support alt chains on certificate verification, | beck | 2016-11-06 | 1 | -117/+265 |
| * | make public ASN1_time_parse and ASN1_time_tm_cmp to replace former hidden | beck | 2016-11-04 | 1 | -3/+3 |
| * | In X509_cmp_time(), pass asn1_time_parse() the tag of the field being | guenther | 2016-10-02 | 1 | -2/+3 |
| * | X509_free(3) is NULL-safe, so remove NULL checks before its calls. | mmcc | 2016-03-11 | 1 | -3/+2 |
| * | initialize ok to 0 | beck | 2015-12-14 | 1 | -2/+2 |
| * | Stop supporing "legcay" time formats that OpenSSL supports. Rewrite the | beck | 2015-10-19 | 1 | -22/+23 |
| * | Flense the greasy black guts of unreadble string parsing code out of three areas | beck | 2015-10-02 | 1 | -92/+36 |
| * | Add support for disabling certificate and CRL validity checking. | jsing | 2015-09-14 | 1 | -9/+12 |
| * | Now that it is safe to invoke X509_STORE_CTX_cleanup() if X509_STORE_CTX_init() | miod | 2015-07-19 | 1 | -3/+5 |
| * | Simplify X509_STORE_CTX_init and make it safe with stack variables. | doug | 2015-07-19 | 1 | -58/+55 |
| * | Avoid a potential out-of-bounds read in X509_cmp_time(), due to missing | jsing | 2015-06-11 | 1 | -4/+27 |
| * | Remove all getenv() calls, especially those wrapped by issetugid(). | deraadt | 2015-04-11 | 1 | -7/+1 |
| * | More unifdef OPENSSL_NO_RFC3779 that got missed last time around. | jsing | 2015-02-11 | 1 | -11/+1 |
