kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
599922feee
boringssl/crypto/x509
History
David Benjamin 00d7a7cee7 Drop cached certificate signature validity flag 
It seems risky in the context of cross-signed certificates when the
same certificate might have multiple potential issuers.  Also rarely
used, since chains in OpenSSL typically only employ self-signed
trust-anchors, whose self-signatures are not checked, while untrusted
certificates are generally ephemeral.

(Imported from upstream's 0e76014e584ba78ef1d6ecb4572391ef61c4fb51.)

This is in master and not 1.0.2, but having a per-certificate signature
cache when this is a function of signature and issuer seems dubious at
best. Thanks to Viktor Dukhovni for pointing this change out to me.
(And for making the original change upstream, of course.)

Change-Id: Ie692d651726f14aeba6eaab03ac918fcaedb4eeb
Reviewed-on: https://boringssl-review.googlesource.com/8880
Reviewed-by: Adam Langley <agl@google.com>
2016-07-21 17:46:15 +00:00
..
a_digest.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
a_sign.c Move all signature algorithm code to crypto/x509. 2016-02-26 22:39:02 +00:00
a_strex.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
a_verify.c Move all signature algorithm code to crypto/x509. 2016-02-26 22:39:02 +00:00
algorithm.c Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
asn1_gen.c Fix build when using Visual Studio 2015 Update 1. 2016-03-25 21:39:52 +00:00
by_dir.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
by_file.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
charmap.h OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
CMakeLists.txt Move all signature algorithm code to crypto/x509. 2016-02-26 22:39:02 +00:00
i2d_pr.c Slightly simplify and deprecate i2d_{Public,Private}Key. 2016-02-17 16:31:26 +00:00
internal.h Move all signature algorithm code to crypto/x509. 2016-02-26 22:39:02 +00:00
pkcs7_test.c Start assuming MSVC 2015. 2016-05-02 19:46:25 +00:00
pkcs7.c Check for overflow when parsing a CBS with d2i_*. 2015-11-16 23:17:42 +00:00
rsa_pss.c Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
t_crl.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
t_req.c
t_x509.c Don't shift serial number into sign bit 2016-03-17 18:23:49 +00:00
t_x509a.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
vpm_int.h OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_att.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_cmp.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_d2.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_def.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_ext.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_lu.c Unwind X509_LU_RETRY and fix a lot of type confusion. 2016-06-16 16:24:44 +00:00
x509_obj.c Add checks to X509_NAME_oneline() 2016-05-03 16:34:59 +00:00
x509_r2x.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_req.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_set.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_test.cc Revert "Move C++ helpers into |bssl| namespace." 2016-07-12 08:09:33 -07:00
x509_trs.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_txt.c Ensure verify error is set when X509_verify_cert() fails. 2016-06-09 17:29:39 +00:00
x509_v3.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_vfy.c Drop cached certificate signature validity flag 2016-07-21 17:46:15 +00:00
x509_vpm.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509.c Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
x509cset.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509name.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509rset.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509spki.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509type.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_algor.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_all.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_attrib.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_crl.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
x_exten.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_info.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_name.c Remove ASN.1 print hooks. 2016-06-14 17:38:31 +00:00
x_pkey.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_pubkey.c Change |EVP_PKEY_up_ref| to return int. 2016-07-12 17:55:41 +00:00
x_req.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_sig.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_spki.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_val.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_x509.c Drop cached certificate signature validity flag 2016-07-21 17:46:15 +00:00
x_x509a.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00