boringssl/crypto/x509
Jesse Selover b4810de60f Make X509 time validation stricter.
Copy of OpenSSL change
80770da39e.

This additionally fixes some bugs which causes time validation to
fail when the current time and certificate timestamp are near the
2050 UTCTime/GeneralizedTime cut-off.

Update-Note: Some invalid X.509 timestamps will be newly rejected.

Change-Id: Ie131c61b6840c85bed974101f0a3188e7649059b
Reviewed-on: https://boringssl-review.googlesource.com/29125
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2018-06-25 17:54:33 +00:00
..
a_digest.c
a_sign.c Remove redundant calls to |OPENSSL_cleanse| and |OPENSSL_realloc_clean|. 2017-09-18 19:16:51 +00:00
a_strex.c Use new encoding functions in ASN1_mbstring_ncopy. 2018-05-11 21:58:47 +00:00
a_verify.c Remove redundant calls to |OPENSSL_cleanse| and |OPENSSL_realloc_clean|. 2017-09-18 19:16:51 +00:00
algorithm.c Align EVP_PKEY Ed25519 API with upstream. 2017-06-12 12:04:11 +00:00
asn1_gen.c Sync asn1_gen.c with upstream 1.0.2. 2017-07-05 21:37:08 +00:00
by_dir.c Remove files from Trusty which can't link because of Trusty libc. 2018-04-19 19:06:58 +00:00
by_file.c Unexport more of lhash. 2017-10-25 04:17:18 +00:00
charmap.h
CMakeLists.txt Delete some dead code from crypto/x509. 2017-06-09 19:58:08 +00:00
i2d_pr.c
internal.h Align EVP_PKEY Ed25519 API with upstream. 2017-06-12 12:04:11 +00:00
make_many_constraints.go Fix some issues with name constraints test certs. 2017-09-20 21:06:00 +00:00
many_constraints.pem Fix some issues with name constraints test certs. 2017-09-20 21:06:00 +00:00
many_names1.pem Fix some issues with name constraints test certs. 2017-09-20 21:06:00 +00:00
many_names2.pem Fix some issues with name constraints test certs. 2017-09-20 21:06:00 +00:00
many_names3.pem Fix some issues with name constraints test certs. 2017-09-20 21:06:00 +00:00
rsa_pss.c Align EVP_PKEY Ed25519 API with upstream. 2017-06-12 12:04:11 +00:00
some_names1.pem Fix some issues with name constraints test certs. 2017-09-20 21:06:00 +00:00
some_names2.pem Fix some issues with name constraints test certs. 2017-09-20 21:06:00 +00:00
some_names3.pem Fix some issues with name constraints test certs. 2017-09-20 21:06:00 +00:00
t_crl.c
t_req.c
t_x509.c Switch OPENSSL_VERSION_NUMBER to 1.1.0. 2017-09-29 04:51:27 +00:00
t_x509a.c
vpm_int.h Tighten and test name-checking functions. 2018-03-30 16:50:11 +00:00
x509_att.c
x509_cmp.c Add PKCS12_create. 2018-05-11 21:59:34 +00:00
x509_d2.c
x509_def.c Update location of root certificates on Fuchsia 2018-04-25 21:32:20 +00:00
x509_ext.c
x509_lu.c Add a bunch of X509_STORE getters and setters. 2018-05-11 21:59:58 +00:00
x509_obj.c Unexport more of lhash. 2017-10-25 04:17:18 +00:00
x509_r2x.c Fix a few leaks in X509_REQ_to_X509. 2016-09-09 20:17:16 +00:00
x509_req.c Add some OpenSSL compatibility functions and hacks. 2018-05-08 01:22:04 +00:00
x509_set.c Add some OpenSSL compatibility functions and hacks. 2018-05-08 01:22:04 +00:00
x509_test.cc x509_test: Fix gcc-8 build 2018-05-15 22:58:22 +00:00
x509_time_test.cc Make X509 time validation stricter. 2018-06-25 17:54:33 +00:00
x509_trs.c Avoid modifying stack in sk_find. 2018-04-12 21:02:12 +00:00
x509_txt.c Unexport more of lhash. 2017-10-25 04:17:18 +00:00
x509_v3.c
x509_vfy.c Make X509 time validation stricter. 2018-06-25 17:54:33 +00:00
x509_vpm.c Avoid modifying stack in sk_find. 2018-04-12 21:02:12 +00:00
x509.c
x509cset.c Add some OpenSSL compatibility functions and hacks. 2018-05-08 01:22:04 +00:00
x509name.c Fix bugs in X509_NAME_add_entry. 2018-05-03 17:40:43 +00:00
x509rset.c
x509spki.c
x_algor.c Const-correct X509_ALGOR_get0. 2017-11-22 22:52:38 +00:00
x_all.c Add BIO versions of i2d_DHparams and d2i_DHparams. 2018-05-08 23:12:15 +00:00
x_attrib.c
x_crl.c Correctly find all critical CRL extensions. 2016-10-24 20:09:28 +00:00
x_exten.c
x_info.c
x_name.c Add X509_NAME_get0_der from OpenSSL 1.1.0. 2017-12-06 17:49:04 +00:00
x_pkey.c Work around language and compiler bug in memcpy, etc. 2016-12-21 20:34:47 +00:00
x_pubkey.c
x_req.c
x_sig.c
x_spki.c
x_val.c
x_x509.c Add some OpenSSL compatibility functions and hacks. 2018-05-08 01:22:04 +00:00
x_x509a.c Delete some dead code from crypto/x509. 2017-06-09 19:58:08 +00:00