Google Git
Sign in
flutter / third_party / openssl / 55a6250f1e7336e8a7d89fb609eb23398715ff6f
commit55a6250f1e7336e8a7d89fb609eb23398715ff6f[log] [tgz]
authorViktor Dukhovni <openssl-users@dukhovni.org>Tue May 22 01:09:25 2018 -0400
committerViktor Dukhovni <openssl-users@dukhovni.org>Wed May 23 11:12:17 2018 -0400
tree06575da5e57dc6bd8c1cef488c655df0e79cd4f5
parentd02d80b2e80adfdde49f76cf7c7af4e013f45005 [diff]
Skip CN DNS name constraint checks when not needed

Only check the CN against DNS name contraints if the
`X509_CHECK_FLAG_NEVER_CHECK_SUBJECT` flag is not set, and either the
certificate has no DNS subject alternative names or the
`X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT` flag is set.

Add pertinent documentation, and touch up some stale text about
name checks and DANE.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
5 files changed
tree: 06575da5e57dc6bd8c1cef488c655df0e79cd4f5
  1. .github/
  2. apps/
  3. Configurations/
  4. crypto/
  5. demos/
  6. doc/
  7. engines/
  8. external/
  9. fuzz/
  10. include/
  11. ms/
  12. os-dep/
  13. ssl/
  14. test/
  15. tools/
  16. util/
  17. VMS/
  18. boringssl
  19. krb5
  20. pyca-cryptography
  21. .gitattributes
  22. .gitignore
  23. .gitmodules
  24. .travis-apt-pin.preferences
  25. .travis-create-release.sh
  26. .travis.yml
  27. ACKNOWLEDGEMENTS
  28. appveyor.yml
  29. AUTHORS
  30. build.info
  31. CHANGES
  32. config
  33. config.com
  34. Configure
  35. CONTRIBUTING
  36. e_os.h
  37. FAQ
  38. INSTALL
  39. LICENSE
  40. NEWS
  41. NOTES.ANDROID
  42. NOTES.DJGPP
  43. NOTES.PERL
  44. NOTES.UNIX
  45. NOTES.VMS
  46. NOTES.WIN
  47. README
  48. README.ENGINE
  49. README.FIPS