openssl/crypto/x509
Dr. David von Oheimb 0e7b1383e1 Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued()
Move check that cert signing is allowed from x509v3_cache_extensions() to
where it belongs: internal_verify(), generalize it for proxy cert signing.
Correct and simplify check_issued(), now checking self-issued (not: self-signed).
Add test case to 25-test_verify.t that demonstrates successful fix

Fixes #1418

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
2020-07-01 11:14:54 +02:00
build.info Issuer Sign Tool extension support 2020-03-25 15:33:53 +03:00
by_dir.c In OpenSSL builds, declare STACK for datatypes ... 2020-04-24 16:42:46 +02:00
by_file.c Update copyright year 2020-05-15 14:09:49 +01:00
by_store.c In OpenSSL builds, declare STACK for datatypes ... 2020-04-24 16:42:46 +02:00
ext_dat.h Issuer Sign Tool extension support 2020-03-25 15:33:53 +03:00
pcy_cache.c Update copyright year 2020-05-15 14:09:49 +01:00
pcy_data.c Update copyright year 2020-05-15 14:09:49 +01:00
pcy_lib.c In OpenSSL builds, declare STACK for datatypes ... 2020-04-24 16:42:46 +02:00
pcy_local.h
pcy_map.c Update copyright year 2020-05-15 14:09:49 +01:00
pcy_node.c Update copyright year 2020-05-15 14:09:49 +01:00
pcy_tree.c Update copyright year 2020-05-15 14:09:49 +01:00
standard_exts.h Issuer Sign Tool extension support 2020-03-25 15:33:53 +03:00
t_crl.c Update copyright year 2020-05-15 14:09:49 +01:00
t_req.c Update copyright year 2020-05-15 14:09:49 +01:00
t_x509.c Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. 2020-05-05 10:27:28 +02:00
v3_addr.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_admis.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_admis.h
v3_akey.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_akeya.c
v3_alt.c Adjust length of some strncpy() calls 2020-05-22 15:35:21 +02:00
v3_asid.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_bcons.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_bitst.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_conf.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_cpols.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_crld.c In OpenSSL builds, declare STACK for datatypes ... 2020-04-24 16:42:46 +02:00
v3_enum.c
v3_extku.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_genn.c
v3_ia5.c Code cleanup in X509v3 String Extensions 2020-04-24 20:05:22 +03:00
v3_info.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_int.c
v3_ist.c In OpenSSL builds, declare STACK for datatypes ... 2020-04-24 16:42:46 +02:00
v3_lib.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_ncons.c Coverity 1463258: Incorrect expression (EVALUATION_ORDER) 2020-05-22 17:23:49 +10:00
v3_pci.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_pcia.c
v3_pcons.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_pku.c
v3_pmaps.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_prn.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_purp.c Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() 2020-07-01 11:14:54 +02:00
v3_skey.c
v3_sxnet.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_tlsf.c Update copyright year 2020-05-15 14:09:49 +01:00
v3_utf8.c Code cleanup in X509v3 String Extensions 2020-04-24 20:05:22 +03:00
v3_utl.c Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. 2020-05-05 10:27:28 +02:00
v3err.c
x509_att.c Update copyright year 2020-05-15 14:09:49 +01:00
x509_cmp.c Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 2020-05-27 14:36:13 +02:00
x509_d2.c Update copyright year 2020-06-04 14:33:57 +01:00
x509_def.c
x509_err.c Fix some places where X509_up_ref is used 2020-05-18 17:16:16 +02:00
x509_ext.c
x509_local.h Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} 2020-07-01 11:14:54 +02:00
x509_lu.c In OpenSSL builds, declare STACK for datatypes ... 2020-04-24 16:42:46 +02:00
x509_meth.c
x509_obj.c Update copyright year 2020-05-15 14:09:49 +01:00
x509_r2x.c In OpenSSL builds, declare STACK for datatypes ... 2020-04-24 16:42:46 +02:00
x509_req.c Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 2020-05-27 14:36:13 +02:00
x509_set.c Update copyright year 2020-04-23 13:55:52 +01:00
x509_trs.c In OpenSSL builds, declare STACK for datatypes ... 2020-04-24 16:42:46 +02:00
x509_txt.c Refactor (without semantic changes) crypto/x509/{v3_purp.c,x509_vfy.c} 2020-07-01 11:14:54 +02:00
x509_v3.c Update copyright year 2020-05-15 14:09:49 +01:00
x509_vfy.c Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued() 2020-07-01 11:14:54 +02:00
x509_vpm.c Strengthen X509_STORE_CTX_print_verify_cb() to print expected host etc. 2020-05-05 10:27:28 +02:00
x509cset.c In OpenSSL builds, declare STACK for datatypes ... 2020-04-24 16:42:46 +02:00
x509name.c In OpenSSL builds, declare STACK for datatypes ... 2020-04-24 16:42:46 +02:00
x509rset.c Update copyright year 2020-04-23 13:55:52 +01:00
x509spki.c
x509type.c
x_all.c Create a libctx aware X509_verify_ex() 2020-04-16 14:19:51 +01:00
x_attrib.c Update copyright year 2020-05-15 14:09:49 +01:00
x_crl.c In OpenSSL builds, declare STACK for datatypes ... 2020-04-24 16:42:46 +02:00
x_exten.c
x_name.c In OpenSSL builds, declare STACK for datatypes ... 2020-04-24 16:42:46 +02:00
x_pubkey.c Rename EVP_PKEY_cmp() to EVP_PKEY_eq() and EVP_PKEY_cmp_parameters() to EVP_PKEY_parameters_eq() 2020-05-27 14:36:13 +02:00
x_req.c In OpenSSL builds, declare STACK for datatypes ... 2020-04-24 16:42:46 +02:00
x_x509.c include/openssl/x509v3.h: restore previous stack definition arrangement 2020-04-29 06:37:10 +02:00
x_x509a.c Update copyright year 2020-05-15 14:09:49 +01:00