Commit 9d2006d8 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

add -trusted_first option and verify flag (backport from HEAD)

parent abf1e32f
+4 −0
@@ -4,6 +4,10 @@

 Changes between 1.0.1 and 1.0.2 [xx XXX xxxx]

  *) Add -trusted_first option which attempts to find certificates in the
     trusted store even if an untrusted chain is also supplied.
     [Steve Henson]

  *) MIPS assembly pack updates: support for MIPS32r2 and SmartMIPS ASE,
     platform support for Linux and Android.
     [Andy Polyakov]
+2 −0
@@ -2358,6 +2358,8 @@ int args_verify(char ***pargs, int *pargc,
		flags |= X509_V_FLAG_NOTIFY_POLICY;
	else if (!strcmp(arg, "-check_ss_sig"))
		flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
	else if (!strcmp(arg, "-trusted_first"))
		flags |= X509_V_FLAG_TRUSTED_FIRST;
	else
		return 0;

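Review bot: The new `-trusted_first` branch only wires the option into the flag parser in args_verify; nothing visible in this commit adds the option to the application's usage text or to the verify(1) manual page, so a user would learn of it only from CHANGES. If those are not updated elsewhere, a usage line next to the other verify-flag options, such as `-trusted_first  look for issuers in the trusted store before the supplied untrusted chain`, should accompany this. args_verify begins outside the hunk.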
+16 −0
@@ -206,6 +206,22 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
		/* If we are self signed, we break */
		if (ctx->check_issued(ctx, x,x)) break;

		/* If asked see if we can find issuer in trusted store first */
		if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
			{
			ok = ctx->get_issuer(&xtmp, ctx, x);
			if (ok < 0)
				return ok;
			/* If successful for now free up cert so it
			 * will be picked up again later.
			 */
			if (ok > 0)
				{
				X509_free(xtmp);
				break;
				}
			}

		/* If we were passed a cert chain, use it first */
		if (ctx->untrusted != NULL)
			{
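Review bot: The `if (ok < 0) return ok;` on the trusted-first lookup leaves X509_verify_cert directly without setting `ctx->error`, so a store lookup failure reaches the caller only as a negative return with no verification error code, and it bypasses whatever cleanup the function performs at its exit; if this version still duplicates the untrusted stack before this loop, as this routine does in other versions, that duplicate would leak here. Routing the failure through the function's normal exit path (set `ctx->error` to a lookup-failure code, then `goto end;` if the function has that cleanup label) would keep the error path uniform with the rest of the function. The success branch frees `xtmp` and breaks out, relying on a later trusted-store lookup to fetch the same issuer again; the comment should say so explicitly, e.g. `/* Issuer is in the trusted store: stop extending the chain from untrusted certs; the later trusted lookup will find it again. */`. X509_verify_cert begins and ends outside the hunk.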
+2 −0
@@ -389,6 +389,8 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
#define X509_V_FLAG_USE_DELTAS			0x2000
/* Check selfsigned CA signature */
#define X509_V_FLAG_CHECK_SS_SIGNATURE		0x4000
/* Use trusted store first */
#define X509_V_FLAG_TRUSTED_FIRST		0x8000


#define X509_VP_FLAG_DEFAULT			0x1
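Review bot: The comment on the new flag, `/* Use trusted store first */`, says less than the behaviour it enables in X509_verify_cert, where an issuer is looked up in the trusted store before the untrusted chain is walked, and a public header is where callers will read it. Suggest `/* When building the chain, look for the issuer in the trusted store before the untrusted chain */`. The value 0x8000 continues the existing bit sequence; whether it collides with any flag defined beyond this hunk cannot be checked from here.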