Commit Graph

11 Commits

Author SHA1 Message Date
David Woodhouse
2bfbeb2645 RT3998: fix X509_check_host.pod release to 1.0.2
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-08-08 18:13:25 -04:00
Alok Menghrajani
186bb90705 RT3802: Fixes typos in doc/crypto/
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-03 08:51:23 -04:00
Emilia Kasper
0923e7df9e Fix hostname validation in the command-line tool to honour negative return values.
Specifically, an ASN.1 NumericString in the certificate CN will fail UTF-8 conversion
and result in a negative return value, which the "x509 -checkhost" command-line option
incorrectly interpreted as success.

Also update X509_check_host docs to reflect reality.

Thanks to Sean Burford (Google) for reporting this issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-10 15:35:20 +01:00
Viktor Dukhovni
b73ac02735 Improve X509_check_host() documentation.
Based on feedback from Jeffrey Walton.
2014-07-07 20:34:06 +10:00
Viktor Dukhovni
297c67fcd8 Update API to use (char *) for email addresses and hostnames
Reduces number of silly casts in OpenSSL code and likely most
applications.  Consistent with (char *) for "peername" value from
X509_check_host() and X509_VERIFY_PARAM_get0_peername().
2014-07-07 19:11:38 +10:00
Viktor Dukhovni
ced3d9158a Set optional peername when X509_check_host() succeeds.
Pass address of X509_VERIFY_PARAM_ID peername to X509_check_host().
Document modified interface.
2014-07-06 01:50:50 +10:00
Viktor Dukhovni
8abffa4a73 Multiple verifier reference identities.
Implemented as STACK_OF(OPENSSL_STRING).
2014-06-22 20:32:35 -04:00
Viktor Dukhovni
d241b80409 More complete X509_check_host documentation. 2014-06-22 19:50:02 -04:00
Viktor Dukhovni
a09e4d24ad Client-side namecheck wildcards.
A client reference identity of ".example.com" matches a server
certificate presented identity that is any sub-domain of "example.com"
(e.g. "www.sub.example.com).

With the X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS flag, it matches
only direct child sub-domains (e.g. "www.sub.example.com").
2014-06-12 23:19:25 +01:00
Viktor Dukhovni
397a8e747d Fixes to host checking.
Fixes to host checking wild card support and add support for
setting host checking flags when verifying a certificate
chain.
2014-05-21 11:31:28 +01:00
Dr. Stephen Henson
d88926f181 PR: 2909
Contributed by: Florian Weimer <fweimer@redhat.com>

Fixes to X509 hostname and email address checking. Wildcard matching support.
New test program and manual page.
2012-11-18 15:13:55 +00:00