|Subject:||Patch: X509_VERIFY_PARAM_set_flags related functions, constants and updates|
|Date:||Mon, 18 Dec 2017 20:29:55 +0200|
|To:||bug-Net-SSLeay [...] rt.cpan.org|
|From:||Heikki Vatiainen <hvn [...] open.com.au>|
This patch adds new functions for certificate verification introduced in OpenSSL 1.02, a number of constants, new test data files, new tests and updates to .pod documentation. The new functions provide access to the built-in wildcard check functionality available in OpenSSL 1.0.2 and later.

Please consider including these in the next release.

Thanks,
Heikki

* Added more functions that manipulate X509_VERIFY_PARAM structure associated with certificate verification. These functions were introduced in OpenSSL 1.0.2.
  - SSL_CTX_get0_param
  - SSL_get0_param
  - X509_VERIFY_PARAM_set1_host
  - X509_VERIFY_PARAM_add1_host
  - X509_VERIFY_PARAM_set_hostflags
  - X509_VERIFY_PARAM_get0_peername
  - X509_VERIFY_PARAM_set1_email
  - X509_VERIFY_PARAM_set1_ip
  - X509_VERIFY_PARAM_set1_ip_asc

  Added the new functions in SSLeay.pod

  Added one X509_check_host() constant introduced in OpenSSL 1.1.0
  - X509_CHECK_FLAG_NEVER_CHECK_SUBJECT

* Added flags for X509_VERIFY_PARAM structure. These flags are present in many recent LibreSSL and OpenSSL releases.
  - X509_V_FLAG_NO_ALT_CHAINS
  - X509_V_FLAG_NO_CHECK_TIME
  - X509_V_FLAG_PARTIAL_CHAIN
  - X509_V_FLAG_SUITEB_128_LOS
  - X509_V_FLAG_SUITEB_128_LOS_ONLY
  - X509_V_FLAG_SUITEB_192_LOS

* Added all X509_V_ERR_ constants returned by get_verify_result() and documented in verify(1). The constant list was obtained from the upcoming OpenSSL 1.1.1 development repository.

* Added more tests to t/local/36_verify.t. Added tests for various X509_VERIFY_PARAM_ tests such as X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_set1_ip and X509_VERIFY_PARAM_add0_policy. Wildcard matching control flags are tested for disabling wildcards. Other flags are not tested yet.

  Noticed that X509_VERIFY_PARAM_get0_peername always returns undef with OpenSSL 1.0.2 but works with 1.1.0 and later. Reason for this is not known yet.

* Added testcert_wildcard.conf in test data directory. This file contains instructions and configuration for creating a certificate with a wildcard name and some extensions to test.

* Added wildcard certificate and respective private key for testing in test data directory.

--
Heikki Vatiainen <firstname.lastname@example.org>
Message body is not shown because sender requested not to inline it.