Commit Graph

57 Commits

Author SHA1 Message Date
Adam Langley
8241005bfa Client-side namecheck wildcards.
A client reference identity of ".example.com" matches a server certificate
presented identity that is any sub-domain of "example.com" (e.g.
"www.sub.example.com).

With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches only direct
child sub-domains (e.g. "www.sub.example.com"). (cherry picked from commit
e52c52f10bb8e34aaf8f28f3e5b56939e8f6b357)

(Imported from upstream's 3cc8a3f2343cda796de90c127b9e907ca3ec2da5)
2014-06-20 13:17:42 -07:00
Adam Langley
dc160f84f5 Fixes to host checking.
Fixes to host checking wild card support and add support for setting
host checking flags when verifying a certificate chain.

(Imported from upstream's a2219f6be36d12f02b6420dd95f819cf364baf1d)
2014-06-20 13:17:40 -07:00
Adam Langley
548523fd5e Extension checking fixes.
When looking for an extension we need to set the last found
position to -1 to properly search all extensions.

PR#3309

(Imported from upstream's 5cd5e0219d2e9a8c1f2fec3d867f38179c3a86af)
2014-06-20 13:17:40 -07:00
Adam Langley
a993a70d6d Include self-signed flag in certificates.
Include self-signed flag in certificates by checking SKID/AKID as well as
issuer and subject names. Although this is an incompatible change it should
have little impact in pratice because self-issued certificates that are not
self-signed are rarely encountered.

(Imported from upstream's c00f8d697aed17edbd002e2f6c989d8fbd7c4ecf)
2014-06-20 13:17:38 -07:00
Adam Langley
6d43d0c4d6 Add extension free function.
(Imported from upstream's 984a30423d70126ed1df30e4b52962398cdaa9b6.)
2014-06-20 13:17:38 -07:00
Adam Langley
735107652b Const correctness.
This change fixes a number of build warnings.
2014-06-20 13:17:36 -07:00
Adam Langley
95c29f3cd1 Inital import.
Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta).

(This change contains substantial changes from the original and
effectively starts a new history.)
2014-06-20 13:17:32 -07:00