boringssl

2134 Commits

59 Branches

16 Tags

480 MiB

Tag: Branch: Tree: master

Commit Graph

Author	SHA1	Message	Date
David Benjamin	cf00b172a1	Remove remnants of Netscape Server Gated Crypto from the new verifier Per the bug, we were waiting for the launch to stick. It has now stuck, so finish the job. Also fix the rebase-errors.py scripts. They stopped working after the migration. Update-Note: SHA-1 certificates with the Netscape SGC OID will no longer skip their EKU check in the new verifier. By default, SHA-1 certificates are rejected, in which case this only impacts error reporting, not which certificates are ultimately accepted. Fixed: chromium:843735 Change-Id: I44df6a0ee80625c50e0bdf03fb775df9913fd141 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65054 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Bob Beck <bbe@google.com>	10 months ago
Bob Beck	bc97b7a8e1	Bring in the core of chromium certificate verifier as libpki Initially this leaves the canonical source in chrome, Additions and fillins are committed directly, the chrome files are coverted using the IMPORT script run from the pki directory for the moment. The intention here is to continue frequent automatic conversion (and avoid wholesale cosmetic changes in here for now) until chrome converts to use these files in place of it's versions. At that point these will become the definiative files, and the IMPORT script can be tossed out. A middle step along the way will be to change google3's verify.cc in third_party/chromium_certificate_verifier to use this instead of it's own extracted copy. Status (and what is not done yet) being roughly tracked in README.md Bug: chromium:1322914 Change-Id: Ibdb5479bc68985fa61ce6b10f98f31f6b3a7cbdf Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60285 Commit-Queue: Bob Beck <bbe@google.com> Reviewed-by: Adam Langley <agl@google.com>	1 year ago

Author

SHA1

Message

Date

David Benjamin

cf00b172a1

Remove remnants of Netscape Server Gated Crypto from the new verifier

Per the bug, we were waiting for the launch to stick. It has now stuck,
so finish the job.

Also fix the rebase-errors.py scripts. They stopped working after the
migration.

Update-Note: SHA-1 certificates with the Netscape SGC OID will no longer
skip their EKU check in the new verifier. By default, SHA-1
certificates are rejected, in which case this only impacts error
reporting, not which certificates are ultimately accepted.

Fixed: chromium:843735
Change-Id: I44df6a0ee80625c50e0bdf03fb775df9913fd141
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65054
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

10 months ago

Bob Beck

bc97b7a8e1

Bring in the core of chromium certificate verifier as libpki

Initially this leaves the canonical source in chrome, Additions
and fillins are committed directly, the chrome files are coverted
using the IMPORT script run from the pki directory for the moment.

The intention here is to continue frequent automatic conversion
(and avoid wholesale cosmetic changes in here for now) until
chrome converts to use these files in place of it's versions.
At that point these will become the definiative files, and the
IMPORT script can be tossed out.

A middle step along the way will be to change google3's verify.cc
in third_party/chromium_certificate_verifier to use this instead
of it's own extracted copy.

Status (and what is not done yet) being roughly tracked in README.md

Bug: chromium:1322914

Change-Id: Ibdb5479bc68985fa61ce6b10f98f31f6b3a7cbdf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60285
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Adam Langley <agl@google.com>

1 year ago

2 Commits (master)