Commit Graph

57 Commits

Author SHA1 Message Date
Alex Chernyakhovsky
cbd056cd55 Remove OPENSSL_NO_CHAIN_VERIFY
Change-Id: Iaff2a1b4c394aa0d3d5a33cb75cf4f165d3c2abc
Reviewed-on: https://boringssl-review.googlesource.com/1387
Reviewed-by: Adam Langley <agl@google.com>
2014-08-04 19:22:26 +00:00
Adam Langley
dc160f84f5 Fixes to host checking.
Fixes to host checking wild card support and add support for setting
host checking flags when verifying a certificate chain.

(Imported from upstream's a2219f6be36d12f02b6420dd95f819cf364baf1d)
2014-06-20 13:17:40 -07:00
Adam Langley
e0ddf2706a For self signed root only indicate one error.
(Imported from upstream's bdfc0e284c89dd5781259cc19aa264aded538492.)
2014-06-20 13:17:39 -07:00
Adam Langley
ec72cf5a1c Include TA in checks/callback with partial chains.
When a chain is complete and ends in a trusted root checks are also performed
on the TA and the callback notified with ok==1. For consistency do the same for
chains where the TA is not self signed.

(Imported from upstream's b07e4f2f46fc286c306353d5e362cbc22c8547fb)
2014-06-20 13:17:38 -07:00
Adam Langley
35163dc925 Add cert_self_signed function to simplify verify.
(Imported from upstream's ced6dc5cefca57b08e077951a9710c33b709e99e)
2014-06-20 13:17:38 -07:00
Adam Langley
a216d03d0e Simplify X509_STORE_CTX_get1_chain.
(Imported from upstream's bf2d129194d5a8f2ccf5ff5261ab755e4fc9f98e)
2014-06-20 13:17:38 -07:00
Adam Langley
95c29f3cd1 Inital import.
Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta).

(This change contains substantial changes from the original and
effectively starts a new history.)
2014-06-20 13:17:32 -07:00