openssl/test/certs
Viktor Dukhovni fbb82a60dc Move peer chain security checks into x509_vfy.c
A new X509_VERIFY_PARAM_set_auth_level() function sets the
authentication security level.  For verification of SSL peers, this
is automatically set from the SSL security level.  Otherwise, for
now, the authentication security level remains at (effectively) 0
by default.

The new "-auth_level" verify(1) option is available in all the
command-line tools that support the standard verify(1) options.

New verify(1) tests added to check enforcement of chain signature
and public key security levels.  Also added new tests of enforcement
of the verify_depth limit.

Updated documentation.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-04-03 11:35:35 -04:00
..
bad.key
bad.pem
ca-anyEKU.pem
ca-cert2.pem
ca-cert-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-cert-768i.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-cert-md5-any.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-cert-md5.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-cert.pem
ca-clientAuth.pem
ca-expired.pem
ca-key2.pem
ca-key-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ca-key.pem
ca-name2.pem
ca-nonbc.pem
ca-nonca.pem
ca-root2.pem
ca-serverAuth.pem
ca+anyEKU.pem
ca+clientAuth.pem
ca+serverAuth.pem
cca-anyEKU.pem
cca-cert.pem
cca-clientAuth.pem
cca-serverAuth.pem
cca+anyEKU.pem
cca+clientAuth.pem
cca+serverAuth.pem
croot-anyEKU.pem
croot-cert.pem
croot-clientAuth.pem
croot-serverAuth.pem
croot+anyEKU.pem
croot+clientAuth.pem
croot+serverAuth.pem
ee-cert2.pem
ee-cert-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ee-cert-768i.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ee-cert-md5.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ee-cert.pem
ee-client.pem
ee-clientAuth.pem
ee-expired.pem
ee-key-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
ee-key.pem
ee-name2.pem
ee-serverAuth.pem
ee+clientAuth.pem
ee+serverAuth.pem
embeddedSCTs1_issuer.pem
embeddedSCTs1.pem
embeddedSCTs1.sct
embeddedSCTs3_issuer.pem
embeddedSCTs3.pem
embeddedSCTs3.sct
interCA.key
interCA.pem
leaf.key
leaf.pem
mkcert.sh Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
nca+anyEKU.pem
nca+serverAuth.pem
nroot+anyEKU.pem
nroot+serverAuth.pem
root2-serverAuth.pem
root2+clientAuth.pem
root2+serverAuth.pem
root-anyEKU.pem
root-cert2.pem
root-cert-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
root-cert-md5.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
root-cert.pem
root-clientAuth.pem
root-key2.pem
root-key-768.pem Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
root-key.pem
root-name2.pem
root-nonca.pem
root-noserver.pem
root-serverAuth.pem
root+anyEKU.pem
root+clientAuth.pem
root+serverAuth.pem
rootCA.key
rootCA.pem
rootcert.pem
rootkey.pem
roots.pem
sca-anyEKU.pem
sca-cert.pem
sca-clientAuth.pem
sca-serverAuth.pem
sca+anyEKU.pem
sca+clientAuth.pem
sca+serverAuth.pem
server-trusted.pem
servercert.pem
serverkey.pem
setup.sh Move peer chain security checks into x509_vfy.c 2016-04-03 11:35:35 -04:00
sroot-anyEKU.pem
sroot-cert.pem
sroot-clientAuth.pem
sroot-serverAuth.pem
sroot+anyEKU.pem
sroot+clientAuth.pem
sroot+serverAuth.pem
subinterCA-ss.pem
subinterCA.key
subinterCA.pem
untrusted.pem
wrongcert.pem
wrongkey.pem