Tag: Branch: Tree: ee510f5889

2214

2272

2311

2357

2490

2564

2623

2661

2704

2785

2883

2924

2987

3029

3071

3112

3202

3239

3282

3359

3538

3945

chromium-2214

chromium-2272

chromium-2311

chromium-2357

chromium-2490

chromium-2564

chromium-2623

chromium-2661

chromium-2704

chromium-2883

chromium-2924

chromium-2987

chromium-3029

chromium-3071

chromium-3112

chromium-3202

chromium-3239

chromium-3282

chromium-3359

chromium-3538

chromium-3945

chromium-5359

chromium-5414

chromium-stable

chromium-stable-with-bazel

esni

fips-20180730

fips-20220613

fips-20230428

fips-20240407

fips-20240805

fips-20250107

fips-android-20191008

grpc-202302

infra/config

main

main-with-bazel

master

master-with-bazel

0.20240913.0

0.20240930.0

0.20241024.0

0.20241203.0

0.20241209.0

0.20250114.0

0.20250212.0

fips-20170615

fips-20180730

fips-20190808

fips-20210429

fips-20220613

fips-android-20191020

version_for_cocoapods_1.0

version_for_cocoapods_10.0

version_for_cocoapods_2.0

version_for_cocoapods_3.0

version_for_cocoapods_4.0

version_for_cocoapods_5.0

version_for_cocoapods_6.0

version_for_cocoapods_7.0

version_for_cocoapods_8.0

version_for_cocoapods_9.0

Branches Tags

${ item.name }

Create tag ${ searchTerm }

Create branch ${ searchTerm }

from 'ee510f5889'

${ noResults }

Commit Graph

5 Commits (ee510f58895c6a88b59f1b66a94939d08ebdfe5b)

Author	SHA1	Message	Date
David Benjamin	8f5eb80b81	Enable X509_V_FLAG_TRUSTED_FIRST by default. ... The OpenSSL X.509 verifier lacks a proper path builder. When there are two paths available for a certificate, we pick one without looking at expiry, etc. In scenarios like one below, X509_V_FLAG_TRUSTED_FIRST will prefer Leaf -> Intermediate -> Root1. Otherwise, we will prefer Leaf -> Intermediate -> Root1Cross -> Root2: Root2 | Root1 Root1Cross \ / Intermediate | Leaf If Root2 is expired, as with Let's Encrypt, X509_V_FLAG_TRUSTED_FIRST will find the path we want. Same if Root1Cross is expired. (Meanwhile, if Root1 is expired, TRUSTED_FIRST will break and leaving it off works. TRUSTED_FIRST does not actually select chains with validity in mind. It just changes the semi-arbitrary decision.) OpenSSL 1.1.x now defaults to X509_V_FLAG_TRUSTED_FIRST by default, so match them. Hopefully the shorter chain is more likely to be correct. Update-Note: X509_verify_cert will now build slightly different chains by default. Hopefully, this fixes more issues than it causes, but there is a risk of trusted_first breaking other scenarios. Those scenarios will also break OpenSSL 1.1.x defaults, so hopefully this is fine. Bug: 439 Change-Id: Ie624f1f7e85a9e8c283f1caf24729aef9206ea16 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49746 Reviewed-by: Adam Langley <agl@google.com> Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>	3 years ago
David Benjamin	f25ada3a79	Prefix and unexport a2i_ipadd. ... This is a bit short of a name to take, and no one seems to be using it. (OpenSSL has renamed it, but not unexported it.) Change-Id: I0de74d4d4812678ac3b1ec4b1b126a7748fe952b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48129 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>	4 years ago
David Benjamin	869bf9f3af	Fold X509_VERIFY_PARAM_ID into X509_VERIFY_PARAM. ... See also upstream's 9689a6aeed4ef7a2357cb95191b4313175440e4c. X509_VERIFY_PARAM_ID made sense as a separate structure when X509_VERIFY_PARAM was public, but now the struct is unexported. Change-Id: I93bac64d33b76aa020fae07bba71b04f1505fdc4 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48128 Reviewed-by: Adam Langley <agl@google.com>	4 years ago
David Benjamin	36ea4d1134	Move crypto/x509/vpm_int.h into internal.h. ... Change-Id: Ia8016763a2aa2fff85a3abc59f3d5593ca26081b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48126 Reviewed-by: Adam Langley <agl@google.com>	4 years ago
Adam Langley	fb0c05cac2	acvp: add CMAC-AES support. ... Change by Dan Janni. Change-Id: I3f059e7b1a822c6f97128ca92a693499a3f7fa8f Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/41984 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com>	5 years ago