Viktor Dukhovni 55a6250f1e Skip CN DNS name constraint checks when not needed ... Only check the CN against DNS name contraints if the `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the certificate has no DNS subject alternative names or the `X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` flag is set. Add pertinent documentation, and touch up some stale text about name checks and DANE. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>		2018-05-23 11:12:17 -04:00
..
build.info
ext_dat.h
pcy_cache.c	Update copyright year	2018-05-01 13:34:30 +01:00
pcy_data.c	Update copyright year	2018-05-01 13:34:30 +01:00
pcy_int.h
pcy_lib.c
pcy_map.c
pcy_node.c	Update copyright year	2018-05-01 13:34:30 +01:00
pcy_tree.c	Update copyright year	2018-05-01 13:34:30 +01:00
standard_exts.h
v3_addr.c
v3_admis.c
v3_admis.h
v3_akey.c
v3_akeya.c
v3_alt.c
v3_asid.c
v3_bcons.c
v3_bitst.c
v3_conf.c
v3_cpols.c	Update copyright year	2018-05-01 13:34:30 +01:00
v3_crld.c
v3_enum.c
v3_extku.c
v3_genn.c
v3_ia5.c
v3_info.c
v3_int.c
v3_lib.c
v3_ncons.c	Skip CN DNS name constraint checks when not needed	2018-05-23 11:12:17 -04:00
v3_pci.c
v3_pcia.c
v3_pcons.c
v3_pku.c
v3_pmaps.c
v3_prn.c
v3_purp.c	v3_purp.c: add locking to x509v3_cache_extensions()	2018-05-03 22:22:37 +02:00
v3_skey.c
v3_sxnet.c
v3_tlsf.c
v3_utl.c
v3err.c