summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509v3.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Move BIT_STRING_BITNAME tables to consttb2024-08-311-2/+2
| | | | | | | | | Another bunch of const correctness fixes for global tables. These are used to map ns cert types, key usage types and CRL reasons to strings and vice versa. By the looks of it, nobody ever figured out how to use this (need I mention that it's convoluted?). ok beck jsing
* The X509V3_CONF_METHOD goes awaytb2024-08-311-10/+1
| | | | | | No longer used, never really needed. ok beck jsing
* Make some more x509 conf stuff internaltb2024-08-311-19/+1
| | | | | | | This internalizes a particularly scary layer of conf used for X.509 extensions. Again unused public API... ok beck jsing
* Retire X509V3_set_conf_lhash()tb2024-08-311-2/+1
| | | | | | | | Thankfully sthen removed the out-of-support PHP versions 7.4 and 8.0, which were the last users of this API, which in turn permitted much of this conf rampage. Now the stub can join its guts in the attic. ok beck jsing
* Retire X509V3_EXT_{,CRL_,REQ_}add_conf()tb2024-08-311-7/+1
| | | | | | | | Fortunately all projects who want to configure their extensions using a dangerous string DSL/API figured out the fact that one was supposed to be using the nconf version of these (the hint is the 'n', as in new). ok beck jsing
* Annotate X509V3_CONF_CTX and its only instance for removaltb2024-08-281-4/+3
| | | | | | | A comment saying /* Maybe more here */ in a public also goes (yuck). Of course the promise was fulfilled by OpenSSL 3. ok beck jsing
* const correct X509_PURPOSE_get0{,_{,s}name}()tb2024-03-021-4/+5
| | | | | | | Unfortunately, PHP and rust-openssl still need this API. At least we can make the table read-only now since we disabled its extensibility. ok jsing
* Make X509_PURPOSE opaquetb2024-03-021-10/+2
| | | | | | | Code using details of X509_PURPOSE does so by using API. So we can make this struct opaque. ok jsing
* Remove unused parts of the purpose APItb2024-03-021-9/+2
| | | | | | | | | Most of this is the ability to add custom purposes. Also the astounding X509_STORE_CTX_purpose_inherit(). The names are used by PHP, and M2Crypto exposes X509_check_purpose(), so these remain public. Some weird, most likely invalid, uses also remain in rust-openssl. ok jsing
* Remove X509V3_EXT extensibility APItb2024-03-021-5/+1
| | | | | | | | | | You used to be able to define your own X.509 extension handlers. Great. Even greater: the verifier would ignore any custom extensions. So this was only ever useful for serialization and deserialization. In other words, almost entirely pointless. The API was also unused except for a hack in kore-acme, which was fixed recently. ok jsing
* x509v3.h: unwrap a linetb2023-06-251-3/+2
|
* Remove proxy cert remnantstb2023-04-251-25/+1
|
* Remove SXNETtb2023-04-251-41/+1
| | | | Unused and no authorative information was found online in 2016
* Move the policy tree code to internal-onlytb2023-04-251-7/+1
| | | | | A few hooks remain in the legacy validator, which will soon be replaced with something better. The rest of the tentacles are now largely contained.
* Use proper fix for the recent x400Address issuetb2023-04-251-3/+2
| | | | | | From David Benjamin (BoringSSL) ok beck
* Future users of libcrypto will also have to do without strong extranettb2023-04-241-1/+5
| | | | | | support. discussed with beck and jsing
* Mark remaining policy tree public API for removaltb2023-04-161-1/+4
| | | | ok jsing
* Mark proxy policy API for removal in upcoming bumptb2023-04-161-1/+5
| | | | ok jsing
* Fix indentation of structs and unions in x509v3.htb2023-04-101-87/+87
| | | | No change according to diff -w
* White space KNF, no code change:schwarze2022-11-071-15/+12
| | | | | | | - line breaking and indentation in three struct declarations - removal of trailing whitespace Found while working on /usr/src/regress/lib/libcrypto/man/check_complete.pl . OK tb@
* Remove mkerr.pl remnants from LibreSSLkn2022-07-121-5/+1
| | | | | | | This script is not used at all and files are edited by hand instead. Thus remove misleading comments incl. the obsolete script/config. Feedback OK jsing tb
* Remove header guard around RFC 3779 declarationstb2022-01-141-3/+1
| | | | ok inoguchi jsing
* Remove name_cmp from public visibilitytb2022-01-141-2/+1
| | | | ok inoguchi jsing
* Undo commenting of OPENSSL_NO_RFC3779tb2021-12-241-4/+4
| | | | | | | | | | | The define implies that we have the RFC 3779 API and corresponding symbols publicly exposed. We don't do that since there are still concerns about its suitability and security. oss-fuzz has code depending on this define and this broke its build as tracked down by jsing. This commit gets us oss-fuzz builds back while keeping job happy since the extension pretty printing will continue to work. ok jsing
* Fix some KNF issues in the RFC 3779 section that have bothered me fortb2021-12-241-54/+55
| | | | way too long.
* Unifdef LIBRESSL_NEW_API. Now that the library is bumped, this istb2021-11-011-3/+1
| | | | | | no longer needed. ok jsing
* Declare STACK_OF(GENERAL_NAMES)tb2021-10-231-3/+4
| | | | ok jsing
* Prepare to provide X509_get_extension_flags()tb2021-10-231-1/+2
| | | | ok beck jsing
* Prepare to provide X509_get_{extended_,}key_usage()tb2021-10-221-1/+5
| | | | ok beck jsing
* Add XKU_ANYEKU #define and use it to cache the anyExtendedKeyUsagetb2021-10-211-2/+3
| | | | | | | extension. This is part of OpenSSL commit df4c395c which didn't make it into our tree for some reason. ok jsing
* Unroll DECLARE_ASN1_FUNCTIONS()job2021-09-021-9/+56
| | | | OK jsing@
* Rename DEFINE_STACK_OF() to DECLARE_STACK_OF()job2021-09-021-4/+4
| | | | OK tb@ jsing@
* Lay groundwork to support X.509 v3 extensions for IP Addresses and AS ↵job2021-09-021-1/+144
| | | | | | | | | | | Identifiers These extensions are defined in RFC 3779 and used in the RPKI (RFC 6482, RFC 8360). Imported from OpenSSL 1.1.1j (aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf) This changeset is a no-op, as there are 10+ issues and at least 2 security issues. Work will continue in-tree. OK tb@, discussed with beck@
* Add new x509 certificate chain validator in x509_verify.cbeck2020-09-131-1/+3
| | | | | | | | | | | | | | | | | | | The new validator finds multiple validated chains to handle the modern PKI cases which may frequently have multiple paths via different intermediates to different roots. It is loosely based on golang's x509 validator This includes integration so that the new validator can be used via X509_verify_cert() as well as a new api x509_verify() which will return multiple chains (similar to go). The new validator is not enabled by default with this commit, this will be changed in a follow on commit. The new public API is not yet exposed, and will be finalized and exposed with a man page and a library minor bump later. ok tb@ inoguchi@ jsing@
* Collapse the x509v3 directory into x509.jsing2020-06-041-0/+992
This avoids the need to grep across directories to find functions and prepares for further rototilling and chainsawing. Discussed with tb@ (who also tested the release build)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-09-16 18:57:04 +0000