boringssl

History

David Benjamin 00d7a7cee7 Drop cached certificate signature validity flag It seems risky in the context of cross-signed certificates when the same certificate might have multiple potential issuers. Also rarely used, since chains in OpenSSL typically only employ self-signed trust-anchors, whose self-signatures are not checked, while untrusted certificates are generally ephemeral. (Imported from upstream's 0e76014e584ba78ef1d6ecb4572391ef61c4fb51.) This is in master and not 1.0.2, but having a per-certificate signature cache when this is a function of signature and issuer seems dubious at best. Thanks to Viktor Dukhovni for pointing this change out to me. (And for making the original change upstream, of course.) Change-Id: Ie692d651726f14aeba6eaab03ac918fcaedb4eeb Reviewed-on: https://boringssl-review.googlesource.com/8880 Reviewed-by: Adam Langley <agl@google.com>	2016-07-21 17:46:15 +00:00
..
openssl	Drop cached certificate signature validity flag	2016-07-21 17:46:15 +00:00

David Benjamin 00d7a7cee7 Drop cached certificate signature validity flag

It seems risky in the context of cross-signed certificates when the
same certificate might have multiple potential issuers.  Also rarely
used, since chains in OpenSSL typically only employ self-signed
trust-anchors, whose self-signatures are not checked, while untrusted
certificates are generally ephemeral.

(Imported from upstream's 0e76014e584ba78ef1d6ecb4572391ef61c4fb51.)

This is in master and not 1.0.2, but having a per-certificate signature
cache when this is a function of signature and issuer seems dubious at
best. Thanks to Viktor Dukhovni for pointing this change out to me.
(And for making the original change upstream, of course.)

Change-Id: Ie692d651726f14aeba6eaab03ac918fcaedb4eeb
Reviewed-on: https://boringssl-review.googlesource.com/8880
Reviewed-by: Adam Langley <agl@google.com>

2016-07-21 17:46:15 +00:00

openssl

Drop cached certificate signature validity flag

2016-07-21 17:46:15 +00:00