boringssl

History

Jesse Selover d7266ecc9b Enforce key usage for RSA keys in TLS 1.2. For now, this is off by default and controlled by SSL_set_enforce_rsa_key_usage. This may be set as late as certificate verification so we may start by enforcing it for known roots. Generalizes ssl_cert_check_digital_signature_key_usage to check any part of the key_usage, and adds a new error KEY_USAGE_BIT_INCORRECT for the generalized method. Bug: chromium:795089 Change-Id: Ifa504c321bec3263a4e74f2dc48513e3b895d3ee Reviewed-on: https://boringssl-review.googlesource.com/c/34604 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>	2019-01-30 21:28:34 +00:00
..
openssl	Enforce key usage for RSA keys in TLS 1.2.	2019-01-30 21:28:34 +00:00

Jesse Selover d7266ecc9b Enforce key usage for RSA keys in TLS 1.2.

For now, this is off by default and controlled by SSL_set_enforce_rsa_key_usage.
This may be set as late as certificate verification so we may start by enforcing
it for known roots.

Generalizes ssl_cert_check_digital_signature_key_usage to check any part of the
key_usage, and adds a new error KEY_USAGE_BIT_INCORRECT for the generalized
method.

Bug: chromium:795089
Change-Id: Ifa504c321bec3263a4e74f2dc48513e3b895d3ee
Reviewed-on: https://boringssl-review.googlesource.com/c/34604
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

2019-01-30 21:28:34 +00:00

openssl

Enforce key usage for RSA keys in TLS 1.2.

2019-01-30 21:28:34 +00:00