openssl

mirror of https://github.com/openssl/openssl.git synced 2024-12-03 05:41:46 +08:00

History

Viktor Dukhovni aea6116146 Make it possible to check for explicit auxiliary trust By default X509_check_trust() trusts self-signed certificates from the trust store that have no explicit local trust/reject oids encapsulated as a "TRUSTED CERTIFICATE" object. (See the -addtrust and -trustout options of x509(1)). This commit adds a flag that makes it possible to distinguish between that implicit trust, and explicit auxiliary settings. With flags \|= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted via explicit trust settings. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>	2016-01-29 10:53:46 -05:00
..
internal	Remove /* foo.c */ comments	2016-01-26 16:40:43 -05:00
openssl	Make it possible to check for explicit auxiliary trust	2016-01-29 10:53:46 -05:00

Viktor Dukhovni aea6116146 Make it possible to check for explicit auxiliary trust

By default X509_check_trust() trusts self-signed certificates from
the trust store that have no explicit local trust/reject oids
encapsulated as a "TRUSTED CERTIFICATE" object.  (See the -addtrust
and -trustout options of x509(1)).

This commit adds a flag that makes it possible to distinguish between
that implicit trust, and explicit auxiliary settings.

With flags |= X509_TRUST_NO_SS_COMPAT, a certificate is only trusted
via explicit trust settings.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

2016-01-29 10:53:46 -05:00

internal

Remove /* foo.c */ comments

2016-01-26 16:40:43 -05:00

openssl

Make it possible to check for explicit auxiliary trust

2016-01-29 10:53:46 -05:00