mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
9873297900
SSL(_CTX)?_set_client_CA_list() was a server side only function in 1.1.0. If it was called on the client side then it was ignored. In 1.1.1 it now makes sense to have a CA list defined for both client and server (the client now sends it the the TLSv1.3 certificate_authorities extension). Unfortunately some applications were using the same SSL_CTX for both clients and servers and this resulted in some client ClientHellos being excessively large due to the number of certificate authorities being sent. This commit seperates out the CA list updated by SSL(_CTX)?_set_client_CA_list() and the more generic SSL(_CTX)?_set0_CA_list(). This means that SSL(_CTX)?_set_client_CA_list() still has no effect on the client side. If both CA lists are set then SSL(_CTX)?_set_client_CA_list() takes priority. Fixes #7411 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7503) |
||
|---|---|---|
| .. | ||
| HOWTO | ||
| man1 | ||
| man3 | ||
| man5 | ||
| man7 | ||
| dir-locals.example.el | ||
| fingerprints.txt | ||
| openssl-c-indent.el | ||
| README | ||
README This file
fingerprints.txt
PGP fingerprints of authorised release signers
standards.txt
Moved to the web, https://www.openssl.org/docs/standards.html
HOWTO/
A few how-to documents; not necessarily up-to-date
man1/
The openssl command-line tools; start with openssl.pod
man3/
The SSL library and the crypto library
man5/
File formats
man7/
Overviews; start with crypto.pod and ssl.pod, for example
Algorithm specific EVP_PKEY documentation.
Formatted versions of the manpages (apps,ssl,crypto) can be found at
https://www.openssl.org/docs/manpages.html