git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit

projects / thirdparty / openssl.git / commit

author	Bob Beck <beck@openssl.org>
	Sat, 20 Dec 2025 19:21:40 +0000 (12:21 -0700)
committer	Neil Horman <nhorman@openssl.org>
	Tue, 24 Feb 2026 14:03:39 +0000 (09:03 -0500)
commit	f584ae959cbc36a297fefa6b677d830709dfc747
tree	b08dd8a0d75bb57335e292017cd2da62e0d512d0	tree \| snapshot
parent	dbc2e1027297f19c32e0f05ec971d315c65906c8	commit \| diff

Let's support multiple names for certificate verification

This adds the functionality to VERIFY_PARAM to separately add multiple
ip's and email addresses for verification purposes.

We then mark the unfortunate SSL_add1_host API which unfortunately
aquired a confusing "maybe add an IP address" behaviour as deprecated.

We replace this with SSL_set1_<dnsname, email, ip, ip_asc> and
SSL_add1_<dnsname, email, ip, ip_asc> to set the things in the SSL
corresponding to the VERIFY_PARAM funcitons.

Fixes: https://github.com/openssl/openssl/issues/28418
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
MergeDate: Tue Feb 24 14:03:42 2026
(Merged from https://github.com/openssl/openssl/pull/29612)

22 files changed:

crypto/x509/v3_utl.c		diff \| blob \| blame \| history
crypto/x509/x509_local.h		diff \| blob \| blame \| history
crypto/x509/x509_vfy.c		diff \| blob \| blame \| history
crypto/x509/x509_vpm.c		diff \| blob \| blame \| history
demos/bio/sconnect.c		diff \| blob \| blame \| history
demos/guide/quic-client-block.c		diff \| blob \| blame \| history
demos/guide/quic-client-non-block.c		diff \| blob \| blame \| history
demos/guide/quic-multi-stream.c		diff \| blob \| blame \| history
demos/guide/tls-client-block.c		diff \| blob \| blame \| history
demos/guide/tls-client-non-block.c		diff \| blob \| blame \| history
demos/http3/ossl-nghttp3.c		diff \| blob \| blame \| history
demos/sslecho/main.c		diff \| blob \| blame \| history
doc/man3/SSL_CTX_dane_enable.pod		diff \| blob \| blame \| history
doc/man3/SSL_set1_host.pod		diff \| blob \| blame \| history
doc/man3/X509_VERIFY_PARAM_set_flags.pod		diff \| blob \| blame \| history
include/openssl/ssl.h.in		diff \| blob \| blame \| history
include/openssl/x509_vfy.h.in		diff \| blob \| blame \| history
ssl/ssl_lib.c		diff \| blob \| blame \| history
test/quic-openssl-docker/hq-interop/quic-hq-interop.c		diff \| blob \| blame \| history
test/verify_extra_test.c		diff \| blob \| blame \| history
util/libcrypto.num		diff \| blob \| blame \| history
util/libssl.num		diff \| blob \| blame \| history

Mirror of https://github.com/openssl/openssl.git

RSS Atom