mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-09 05:51:54 +08:00
Code Issues Packages Projects Releases Wiki Activity
d41de45a33
openssl/crypto/x509
History
Viktor Dukhovni 5ae4ceb92c Perform DANE-EE(3) name checks by default 
In light of potential UKS (unknown key share) attacks on some
applications, primarily browsers, despite RFC761, name checks are
by default applied with DANE-EE(3) TLSA records.  Applications for
which UKS is not a problem can optionally disable DANE-EE(3) name
checks via the new SSL_CTX_dane_set_flags() and friends.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-12 10:16:34 -04:00
..
build.info
by_dir.c
by_file.c
t_crl.c
t_req.c
t_x509.c
x509_att.c Fix an error path leak in int X509_ATTRIBUTE_set1_data() 2016-06-10 16:42:05 +01:00
x509_cmp.c
x509_d2.c
x509_def.c
x509_err.c make update 2016-06-20 21:34:37 +02:00
x509_ext.c
x509_lcl.h
x509_lu.c Add checks on sk_TYPE_push() returned value 2016-07-05 17:45:50 +01:00
x509_obj.c Spelling 2016-06-29 09:56:39 -04:00
x509_r2x.c
x509_req.c
x509_set.c
x509_trs.c Remove pointless free loop in X509_TRUST_cleanup() 2016-06-20 09:58:58 -04:00
x509_txt.c Check that the subject name in a proxy cert complies to RFC 3820 2016-06-20 21:34:37 +02:00
x509_v3.c
x509_vfy.c Perform DANE-EE(3) name checks by default 2016-07-12 10:16:34 -04:00
x509_vpm.c Make a2i_ipadd an internal function 2016-06-09 17:15:42 -04:00
x509cset.c
x509name.c
x509rset.c
x509spki.c
x509type.c
x_all.c
x_attrib.c
x_crl.c
x_exten.c
x_name.c Missing NULL check on OBJ_dup result in x509_name_canon 2016-06-18 16:30:24 -04:00
x_pubkey.c
x_req.c
x_x509.c
x_x509a.c