mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
55a6250f1e
Only check the CN against DNS name contraints if the `X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the certificate has no DNS subject alternative names or the `X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` flag is set. Add pertinent documentation, and touch up some stale text about name checks and DANE. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> |
||
|---|---|---|
| .. | ||
| build.info | ||
| ext_dat.h | ||
| pcy_cache.c | ||
| pcy_data.c | ||
| pcy_int.h | ||
| pcy_lib.c | ||
| pcy_map.c | ||
| pcy_node.c | ||
| pcy_tree.c | ||
| standard_exts.h | ||
| v3_addr.c | ||
| v3_admis.c | ||
| v3_admis.h | ||
| v3_akey.c | ||
| v3_akeya.c | ||
| v3_alt.c | ||
| v3_asid.c | ||
| v3_bcons.c | ||
| v3_bitst.c | ||
| v3_conf.c | ||
| v3_cpols.c | ||
| v3_crld.c | ||
| v3_enum.c | ||
| v3_extku.c | ||
| v3_genn.c | ||
| v3_ia5.c | ||
| v3_info.c | ||
| v3_int.c | ||
| v3_lib.c | ||
| v3_ncons.c | ||
| v3_pci.c | ||
| v3_pcia.c | ||
| v3_pcons.c | ||
| v3_pku.c | ||
| v3_pmaps.c | ||
| v3_prn.c | ||
| v3_purp.c | ||
| v3_skey.c | ||
| v3_sxnet.c | ||
| v3_tlsf.c | ||
| v3_utl.c | ||
| v3err.c | ||