| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Revise expire callback regress to use chains with expired certificates. | jsing | 2022-10-17 | 1 | -25/+66 |
| | | | | | | | | | | | Rather than using X509_STORE_CTX_set_time() (which is resulting all certificates in the chain being treated as expired), use chains that have an expired leaf or expired intermediate. This triggers a different code path, which is currently mishandled (and hence failing). Also ensure that the resulting error and error depth match what we expect them to be. | ||||
| * | Move leaf certificate checks to the last thing after chain validation. | beck | 2022-06-25 | 1 | -0/+279 |
| While seemingly illogical and not what is done in Go's validator, this mimics OpenSSL's behavior so that callback overrides for the expiry of a certificate will not "sticky" override a failure to build a chain. ok jsing@ | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |