mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-23 14:42:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
76191c7999
openssl/doc
History
Dr. David von Oheimb 3bed88a397 x509_vfy.c: Restore rejection of expired trusted (root) certificate 
The certificate path validation procedure specified in RFC 5280 does not
include checking the validity period of the trusted (root) certificate.
Still it is common good practice to perform this check.
Also OpenSSL did this until commit 0e7b1383e, which accidentally killed it.

The current commit restores the previous behavior.
It also removes the cause of that bug, namely counter-intuitive design
of the internal function check_issued(), which was complicated by checks
that actually belong to some other internal function, namely find_issuer().

Moreover, this commit adds a regression check and proper documentation of
the root cert validity period check feature, which had been missing so far.

Fixes #13427

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13590)
2020-12-03 14:06:49 +01:00
..
HOWTO
images doc: add OpenSSL logo 2020-02-26 21:04:38 +01:00
internal doc: Documentation changes for moving the entropy source out of the fips provider 2020-11-20 08:24:21 +10:00
man1 x509_vfy.c: Restore rejection of expired trusted (root) certificate 2020-12-03 14:06:49 +01:00
man3 x509_vfy.c: Restore rejection of expired trusted (root) certificate 2020-12-03 14:06:49 +01:00
man5 Add a "random" configuration section. 2020-09-23 15:28:29 +10:00
man7 Add EVP_KDF-X942 to the fips module 2020-12-02 12:15:05 +10:00
build.info
dir-locals.example.el
fingerprints.txt
openssl-c-indent.el
perlvars.pm openssl-*.pod.in: Prevent newlines on empty engine_synopsis causing layout errors 2020-11-10 13:25:45 +01:00
README.md

README.md

OpenSSL Documentation

README.md This file

fingerprints.txt PGP fingerprints of authorised release signers

standards.txt standards.txt Moved to the web, https://www.openssl.org/docs/standards.html

HOWTO/ A few how-to documents; not necessarily up-to-date

man1/ The openssl command-line tools; start with openssl.pod

man3/ The SSL library and the crypto library

man5/ File formats

man7/ Overviews; start with crypto.pod and ssl.pod, for example Algorithm specific EVP_PKEY documentation.

Formatted versions of the manpages (apps,ssl,crypto) can be found at https://www.openssl.org/docs/manpages.html