Loading CHANGES +4 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,10 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] *) If a candidate issuer certificate is already part of the constructed path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case. [Steve Henson] *) Improve forward-security support: add functions void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure)) Loading crypto/x509/x509_txt.c +2 −0 Original line number Diff line number Diff line Loading @@ -183,6 +183,8 @@ const char *X509_verify_cert_error_string(long n) return("unsupported or invalid name syntax"); case X509_V_ERR_CRL_PATH_VALIDATION_ERROR: return("CRL path validation error"); case X509_V_ERR_PATH_LOOP: return("Path Loop"); default: BIO_snprintf(buf,sizeof buf,"error number %ld",n); Loading crypto/x509/x509_vfy.c +15 −0 Original line number Diff line number Diff line Loading @@ -439,6 +439,21 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) { int ret; ret = X509_check_issued(issuer, x); if (ret == X509_V_OK) { int i; X509 *ch; for (i = 0; i < sk_X509_num(ctx->chain); i++) { ch = sk_X509_value(ctx->chain, i); if (ch == issuer || !X509_cmp(ch, issuer)) { ret = X509_V_ERR_PATH_LOOP; break; } } } if (ret == X509_V_OK) return 1; /* If we haven't asked for issuer errors don't set ctx */ Loading crypto/x509/x509_vfy.h +2 −0 Original line number Diff line number Diff line Loading @@ -353,6 +353,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 #define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 #define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 /* Another issuer check debug option */ #define X509_V_ERR_PATH_LOOP 55 /* The application is not happy */ #define X509_V_ERR_APPLICATION_VERIFICATION 50 Loading Loading
CHANGES +4 −0 Original line number Diff line number Diff line Loading @@ -4,6 +4,10 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] *) If a candidate issuer certificate is already part of the constructed path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case. [Steve Henson] *) Improve forward-security support: add functions void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure)) Loading
crypto/x509/x509_txt.c +2 −0 Original line number Diff line number Diff line Loading @@ -183,6 +183,8 @@ const char *X509_verify_cert_error_string(long n) return("unsupported or invalid name syntax"); case X509_V_ERR_CRL_PATH_VALIDATION_ERROR: return("CRL path validation error"); case X509_V_ERR_PATH_LOOP: return("Path Loop"); default: BIO_snprintf(buf,sizeof buf,"error number %ld",n); Loading
crypto/x509/x509_vfy.c +15 −0 Original line number Diff line number Diff line Loading @@ -439,6 +439,21 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) { int ret; ret = X509_check_issued(issuer, x); if (ret == X509_V_OK) { int i; X509 *ch; for (i = 0; i < sk_X509_num(ctx->chain); i++) { ch = sk_X509_value(ctx->chain, i); if (ch == issuer || !X509_cmp(ch, issuer)) { ret = X509_V_ERR_PATH_LOOP; break; } } } if (ret == X509_V_OK) return 1; /* If we haven't asked for issuer errors don't set ctx */ Loading
crypto/x509/x509_vfy.h +2 −0 Original line number Diff line number Diff line Loading @@ -353,6 +353,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 #define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 #define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 /* Another issuer check debug option */ #define X509_V_ERR_PATH_LOOP 55 /* The application is not happy */ #define X509_V_ERR_APPLICATION_VERIFICATION 50 Loading
