-
Notifications
You must be signed in to change notification settings - Fork 115
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove delta and extended CRL support
Update-Note: The X509_V_FLAG_EXTENDED_CRL_SUPPORT and X509_V_FLAG_USE_DELTAS flags now cause verification to fail. They weren't enabled by any caller. This broadly is meant to disable: - Delta CRLs - Indirect CRLs (When the CRL's issuer is somehow different from the certificate. The security properties for this is very interesting, since it refers to just any other random name under the same trust anchor. Very clearly a remnant of when X.509 was meant to authenticate a global directory. See the rather worrisome comment over check_crl_chain.) - Merging together multiple CRLs that are partitioned by reasons There's some other code we can now unwind, which will be handled in follow-up changes. This CL is meant to be a minimal change to disable them. Though even this minimal change requires we delete a bunch of functions. Bug: 601 Change-Id: I319ab793f480c6b99de86da6077b616f18edf06b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/63929 Reviewed-by: Bob Beck <[email protected]> Auto-Submit: David Benjamin <[email protected]> Commit-Queue: David Benjamin <[email protected]> (cherry picked from commit f86149982323e57050f853c278ce8aa955b681dc)
- Loading branch information
Showing
3 changed files
with
31 additions
and
142 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters