mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
0b670a2101
If a presumably self-signed cert is last in chain we verify its signature only if X509_V_FLAG_CHECK_SS_SIGNATURE is set. Upon this request we do the signature verification, but not in case it is a (non-conforming) self-issued CA certificate with a key usage extension that does not include keyCertSign. Make clear when we must verify the signature of a certificate and when we must adhere to key usage restrictions of the 'issuing' cert. Add some comments for making internal_verify() easier to understand. Update the documentation of X509_V_FLAG_CHECK_SS_SIGNATURE accordingly. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12375) |
||
|---|---|---|
| .. | ||
| HOWTO | ||
| images | ||
| internal | ||
| man1 | ||
| man3 | ||
| man5 | ||
| man7 | ||
| build.info | ||
| dir-locals.example.el | ||
| fingerprints.txt | ||
| openssl-c-indent.el | ||
| perlvars.pm | ||
| README.md | ||
OpenSSL Documentation
README.md This file
fingerprints.txt PGP fingerprints of authorised release signers
standards.txt standards.txt Moved to the web, https://www.openssl.org/docs/standards.html
HOWTO/ A few how-to documents; not necessarily up-to-date
man1/ The openssl command-line tools; start with openssl.pod
man3/ The SSL library and the crypto library
man5/ File formats
man7/ Overviews; start with crypto.pod and ssl.pod, for example Algorithm specific EVP_PKEY documentation.
Formatted versions of the manpages (apps,ssl,crypto) can be found at https://www.openssl.org/docs/manpages.html