| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
one in /usr/include/openssl.
|
| |
|
|
|
| |
Improve verification regress and ensure that the legacy or modern
verification completes with the expected error and error depth.
|
| | |
|
| |
|
|
|
| |
This test now fails with the legacy verifier, due to
X509_V_FLAG_TRUSTED_FIRST being enabled by default.
|
| |
|
|
|
|
| |
generate certdirs by jsing, and make chicken sacrifies by tb.
ok tb@ jsing@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
to the beginning of the respective scopes (and out of for loops)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new validator finds multiple validated chains to handle the modern
PKI cases which may frequently have multiple paths via different
intermediates to different roots. It is loosely based on golang's x509
validator
This includes integration so that the new validator can be used via
X509_verify_cert() as well as a new api x509_verify() which will
return multiple chains (similar to go).
The new validator is not enabled by default with this commit, this
will be changed in a follow on commit.
The new public API is not yet exposed, and will be finalized and
exposed with a man page and a library minor bump later.
ok tb@ inoguchi@ jsing@
|
|
|
A number of these tests are known to fail due to bugs/incorrect
verification implementation.
|
