| Age | Commit message (Collapse) | Author |
|---|
|
path
|
|
testsuite: bless facility
|
|
|
|
|
|
Add keep_environment, add_environment.
Change the working directory to "/" during the early startup
phase.
(cherry picked from commit 2b92b67bfc33efe05e6ff2ea3852731ac2273832)
(cherry picked from commit 14b82c8b736c8ed24eda144f57703cb9feac6323)
(cherry picked from commit 9ca92d0c6e9c6f161bd8111366c6952d3a9315e2)
(cherry picked from commit 0020c6d9ecfd98ed7b2b337ed4f898fdc409784b)
(cherry picked from commit e8f96966360ea8867ad6a8b5affda6c37fa4958c)
(cherry picked from commit ef6fb807c1e1a665f444f644c60c77269f7c5209)
|
|
|
|
|
|
and smtp transport option hosts_request_ocsp
|
|
Server:
Honor environment variable as well as running_in_test_harness in permitting bogus staplings
Update server tests
Add "-ocsp" option to client-ssl.
Server side: add verification of stapled status.
First cut server-mode ocsp testing.
Fix some uninitialized ocsp-related data.
Client (new):
Verify stapling using only the chain that verified the server cert, not any acceptable chain.
Add check for multiple responses in a stapling, which is not handled
Refuse verification on expired and revoking staplings.
Handle OCSP client refusal on lack of stapling from server.
More fixing in client OCSP: use the server cert signing chain to verify the OCSP info.
Add transport hosts_require_ocsp option.
Log stapling responses.
Start on tests for client-side.
Testing support:
Add CRL generation code and documentation update
Initial CA & certificate set for testing.
BUGFIX:
Once a single OCSP response has been extracted the validation
routine return code is no longer about the structure, but the actual
returned OCSP status.
|
