boringssl/crypto/x509v3
Adam Langley 8bd1d07535 Require basicConstraints cA flag in intermediate certs.
OpenSSL 1.0.2 (and thus BoringSSL) accepts keyUsage certSign or a
Netscape CA certificate-type in lieu of basicConstraints in an
intermediate certificate (unless X509_V_FLAG_X509_STRICT is set).

Update-Note: This change tightens the code so that basicConstraints is required for intermediate certificates when verifying chains. This was previously only enabled if X509_V_FLAG_X509_STRICT was set, but that flag also has other effects.

Change-Id: I9e41f4c567084cf30ed08f015a744959982940af
Reviewed-on: https://boringssl-review.googlesource.com/30185
Reviewed-by: Matt Braithwaite <mab@google.com>
2018-08-01 19:10:19 +00:00
CMakeLists.txt Restore some revocation-related X.509 extensions. 2018-05-15 23:36:08 +00:00
ext_dat.h Restore some revocation-related X.509 extensions. 2018-05-15 23:36:08 +00:00
pcy_cache.c Avoid modifying stack in sk_find. 2018-04-12 21:02:12 +00:00
pcy_data.c
pcy_int.h Convert stack.h to use inline functions. 2017-05-22 15:06:04 +00:00
pcy_lib.c Delete some dead code from crypto/x509. 2017-06-09 19:58:08 +00:00
pcy_map.c
pcy_node.c Avoid modifying stack in sk_find. 2018-04-12 21:02:12 +00:00
pcy_tree.c Avoid modifying stack in sk_find. 2018-04-12 21:02:12 +00:00
tab_test.cc Convert the tests in x509v3 to GTest. 2017-07-10 19:05:04 +00:00
v3_akey.c
v3_akeya.c
v3_alt.c Clear some _CRT_SECURE_NO_WARNINGS warnings. 2017-10-25 04:14:28 +00:00
v3_bcons.c
v3_bitst.c
v3_conf.c Fix an error path leak in do_ext_nconf() 2016-07-26 19:11:01 +00:00
v3_cpols.c Fix a crash in print_notice. 2017-03-21 14:50:26 +00:00
v3_crld.c
v3_enum.c
v3_extku.c
v3_genn.c Fix memory leak in GENERAL_NAME_set0_othername. 2017-10-30 18:40:17 +00:00
v3_ia5.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
v3_info.c Clear some _CRT_SECURE_NO_WARNINGS warnings. 2017-10-25 04:14:28 +00:00
v3_int.c
v3_lib.c Avoid modifying stack in sk_find. 2018-04-12 21:02:12 +00:00
v3_ncons.c Guard against DoS in name constraints handling. 2017-09-06 22:00:46 +00:00
v3_ocsp.c Restore some revocation-related X.509 extensions. 2018-05-15 23:36:08 +00:00
v3_pci.c Remove 'file:' feature in v3_pci.c's CONF hooks. 2017-03-10 17:12:55 +00:00
v3_pcia.c
v3_pcons.c
v3_pku.c
v3_pmaps.c
v3_prn.c Remove ASN1_parse and ASN1_parse_dump. 2016-06-14 17:39:17 +00:00
v3_purp.c Require basicConstraints cA flag in intermediate certs. 2018-08-01 19:10:19 +00:00
v3_skey.c
v3_sxnet.c
v3_utl.c Avoid modifying stack in sk_find. 2018-04-12 21:02:12 +00:00
v3name_test.cc Convert the tests in x509v3 to GTest. 2017-07-10 19:05:04 +00:00