Skip Menu |
 

This queue is for tickets about the Net-SSLeay CPAN distribution.

Report information
The Basics
Id: 123912
Status: resolved
Priority: 0/
Queue: Net-SSLeay

People
Owner: MIKEM [...] cpan.org
Requestors: hvn [...] open.com.au
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 1.83



Subject: Patch: X509_VERIFY_PARAM_set_flags related functions, constants and updates
Date: Mon, 18 Dec 2017 20:29:55 +0200
To: bug-Net-SSLeay [...] rt.cpan.org
From: Heikki Vatiainen <hvn [...] open.com.au>
Download (untitled) / with headers
text/plain 2.3k
This patch new functions for certificate verification introduced in OpenSSL 1.02, a number of constants, new test data files, new tests and updates to .pod documentation. The new functions provide access to the built-in wildcard check functionality available in OpenSSL 1.0.2 and later. Please consider including these in next release. Thanks, Heikki * Added more functions that manipulate X509_VERIFY_PARAM structure associated with certificate verification. These functions were introduced in OpenSSL 1.0.2. - SSL_CTX_get0_param - SSL_get0_param - X509_VERIFY_PARAM_set1_host - X509_VERIFY_PARAM_add1_host - X509_VERIFY_PARAM_set_hostflags - X509_VERIFY_PARAM_get0_peername - X509_VERIFY_PARAM_set1_email - X509_VERIFY_PARAM_set1_ip - X509_VERIFY_PARAM_set1_ip_asc Added the new functions in SSLeay.pod Added one X509_check_host() constant introduced in OpenSSL 1.1.0 - X509_CHECK_FLAG_NEVER_CHECK_SUBJECT * Added flags for X509_VERIFY_PARAM structure. These flags are present in many recent LibreSSL and OpenSSL releases. - X509_V_FLAG_NO_ALT_CHAINS - X509_V_FLAG_NO_CHECK_TIME - X509_V_FLAG_PARTIAL_CHAIN - X509_V_FLAG_SUITEB_128_LOS - X509_V_FLAG_SUITEB_128_LOS_ONLY - X509_V_FLAG_SUITEB_192_LOS * Added all X509_V_ERR_ constants returned by get_verify_result() and documented in verify(1). The constant list was obtained from the upcoming OpenSSL 1.1.1 development repository. * Added more tests to t/local/36_verify.t. Added tests for various X509_VERIFY_PARAM_ tests such as X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_set1_ip and X509_VERIFY_PARAM_add0_policy. Wildcard mathing control flags are tested for disabling wildcards. Other flags are not tested yet. Noticed that X509_VERIFY_PARAM_get0_peername always returns undef with OpenSSL 1.0.2 but works with 1.1.0 and later. Reason for this is not known yet. * Added testcert_wildcard.conf in test data directory. This file contains instructions and configuration for creating a certificate with a wildcard name and some extensions to test. * Added wildcard certificate and respective private key for testing in test data directory. -- Heikki Vatiainen <hvn@open.com.au>

Message body is not shown because sender requested not to inline it.

Subject: Re: [rt.cpan.org #123912] Patch: X509_VERIFY_PARAM_set_flags related functions, constants and updates
Date: Sat, 23 Dec 2017 07:36:38 +1000
To: bug-Net-SSLeay [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Download (untitled) / with headers
text/plain 3.1k
Thanks Heikki, Your patch is now in SVN 511 Cheers. On Tuesday, 19 December 2017 04:31:34 AEST you wrote: Show quoted text
> Mon Dec 18 13:31:32 2017: Request 123912 was acted upon. > Transaction: Ticket created by hvn@open.com.au > Queue: Net-SSLeay > Subject: Patch: X509_VERIFY_PARAM_set_flags related functions, > constants and updates Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: hvn@open.com.au > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=123912 > > > > This patch new functions for certificate verification introduced in > OpenSSL 1.02, a number of constants, new test data files, new tests and > updates to .pod documentation. > > The new functions provide access to the built-in wildcard check > functionality available in OpenSSL 1.0.2 and later. > > Please consider including these in next release. > > Thanks, > Heikki > > > * Added more functions that manipulate X509_VERIFY_PARAM > structure associated with certificate verification. These > functions were introduced in OpenSSL 1.0.2. > - SSL_CTX_get0_param > - SSL_get0_param > > - X509_VERIFY_PARAM_set1_host > - X509_VERIFY_PARAM_add1_host > - X509_VERIFY_PARAM_set_hostflags > - X509_VERIFY_PARAM_get0_peername > - X509_VERIFY_PARAM_set1_email > - X509_VERIFY_PARAM_set1_ip > - X509_VERIFY_PARAM_set1_ip_asc > > Added the new functions in SSLeay.pod > > Added one X509_check_host() constant introduced in OpenSSL 1.1.0 > - X509_CHECK_FLAG_NEVER_CHECK_SUBJECT > > * Added flags for X509_VERIFY_PARAM structure. > These flags are present in many recent LibreSSL and OpenSSL > releases. > > - X509_V_FLAG_NO_ALT_CHAINS > - X509_V_FLAG_NO_CHECK_TIME > - X509_V_FLAG_PARTIAL_CHAIN > - X509_V_FLAG_SUITEB_128_LOS > - X509_V_FLAG_SUITEB_128_LOS_ONLY > - X509_V_FLAG_SUITEB_192_LOS > > * Added all X509_V_ERR_ constants returned by get_verify_result() > and documented in verify(1). > > The constant list was obtained from the upcoming OpenSSL 1.1.1 > development repository. > > * Added more tests to t/local/36_verify.t. > > Added tests for various X509_VERIFY_PARAM_ tests such as > X509_VERIFY_PARAM_set1_host, X509_VERIFY_PARAM_set1_ip and > X509_VERIFY_PARAM_add0_policy. > > Wildcard mathing control flags are tested for disabling > wildcards. Other flags are not tested yet. > > Noticed that X509_VERIFY_PARAM_get0_peername always returns undef > with OpenSSL 1.0.2 but works with 1.1.0 and later. Reason for this > is not known yet. > > * Added testcert_wildcard.conf in test data directory. > > This file contains instructions and configuration for creating > a certificate with a wildcard name and some extensions to test. > > * Added wildcard certificate and respective private key for > testing in test data directory.
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.