| 文件 | 最后提交记录 | 最后更新时间 |
|---|---|---|
fix(pki): harden X509 verification for certificate version, SAN parsing, and security level integration - Reject v1/v2 certificates carrying extensions with HITLS_X509_ERR_VFY_EXTENSIONS_REQUIRE_V3 - Require v3 certificates for intermediate CAs; allow v1/v2 trust anchors without extensions - Fix SAN parsing to properly handle zero-length entries instead of silently skipping them - Fix self-assignment and memory safety in HITLS_X509_SetNameList - Propagate TLS security level to X509 verification secbits check via SetAuthLevel Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1390 | 1 个月前 | |
fix(pki): harden X509 verification for certificate version, SAN parsing, and security level integration - Reject v1/v2 certificates carrying extensions with HITLS_X509_ERR_VFY_EXTENSIONS_REQUIRE_V3 - Require v3 certificates for intermediate CAs; allow v1/v2 trust anchors without extensions - Fix SAN parsing to properly handle zero-length entries instead of silently skipping them - Fix self-assignment and memory safety in HITLS_X509_SetNameList - Propagate TLS security level to X509 verification secbits check via SetAuthLevel Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1390 | 1 个月前 | |
fix(pki): harden X509 verification for certificate version, SAN parsing, and security level integration - Reject v1/v2 certificates carrying extensions with HITLS_X509_ERR_VFY_EXTENSIONS_REQUIRE_V3 - Require v3 certificates for intermediate CAs; allow v1/v2 trust anchors without extensions - Fix SAN parsing to properly handle zero-length entries instead of silently skipping them - Fix self-assignment and memory safety in HITLS_X509_SetNameList - Propagate TLS security level to X509 verification secbits check via SetAuthLevel Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1390 | 1 个月前 | |
fix(pki): harden X509 verification for certificate version, SAN parsing, and security level integration - Reject v1/v2 certificates carrying extensions with HITLS_X509_ERR_VFY_EXTENSIONS_REQUIRE_V3 - Require v3 certificates for intermediate CAs; allow v1/v2 trust anchors without extensions - Fix SAN parsing to properly handle zero-length entries instead of silently skipping them - Fix self-assignment and memory safety in HITLS_X509_SetNameList - Propagate TLS security level to X509 verification secbits check via SetAuthLevel Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1390 | 1 个月前 | |
fix(pki): harden X509 verification for certificate version, SAN parsing, and security level integration - Reject v1/v2 certificates carrying extensions with HITLS_X509_ERR_VFY_EXTENSIONS_REQUIRE_V3 - Require v3 certificates for intermediate CAs; allow v1/v2 trust anchors without extensions - Fix SAN parsing to properly handle zero-length entries instead of silently skipping them - Fix self-assignment and memory safety in HITLS_X509_SetNameList - Propagate TLS security level to X509 verification secbits check via SetAuthLevel Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1390 | 1 个月前 | |
fix(pki): harden X509 verification for certificate version, SAN parsing, and security level integration - Reject v1/v2 certificates carrying extensions with HITLS_X509_ERR_VFY_EXTENSIONS_REQUIRE_V3 - Require v3 certificates for intermediate CAs; allow v1/v2 trust anchors without extensions - Fix SAN parsing to properly handle zero-length entries instead of silently skipping them - Fix self-assignment and memory safety in HITLS_X509_SetNameList - Propagate TLS security level to X509 verification secbits check via SetAuthLevel Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1390 | 1 个月前 | |
fix(pki): harden X509 verification for certificate version, SAN parsing, and security level integration - Reject v1/v2 certificates carrying extensions with HITLS_X509_ERR_VFY_EXTENSIONS_REQUIRE_V3 - Require v3 certificates for intermediate CAs; allow v1/v2 trust anchors without extensions - Fix SAN parsing to properly handle zero-length entries instead of silently skipping them - Fix self-assignment and memory safety in HITLS_X509_SetNameList - Propagate TLS security level to X509 verification secbits check via SetAuthLevel Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1390 | 1 个月前 | |
fix(pki): harden X509 verification for certificate version, SAN parsing, and security level integration - Reject v1/v2 certificates carrying extensions with HITLS_X509_ERR_VFY_EXTENSIONS_REQUIRE_V3 - Require v3 certificates for intermediate CAs; allow v1/v2 trust anchors without extensions - Fix SAN parsing to properly handle zero-length entries instead of silently skipping them - Fix self-assignment and memory safety in HITLS_X509_SetNameList - Propagate TLS security level to X509 verification secbits check via SetAuthLevel Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1390 | 1 个月前 | |
fix(pki): harden X509 verification for certificate version, SAN parsing, and security level integration - Reject v1/v2 certificates carrying extensions with HITLS_X509_ERR_VFY_EXTENSIONS_REQUIRE_V3 - Require v3 certificates for intermediate CAs; allow v1/v2 trust anchors without extensions - Fix SAN parsing to properly handle zero-length entries instead of silently skipping them - Fix self-assignment and memory safety in HITLS_X509_SetNameList - Propagate TLS security level to X509 verification secbits check via SetAuthLevel Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1390 | 1 个月前 | |
fix:clean sensitive information and fix some functions Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1401 | 1 个月前 |
| 文件 | 最后提交记录 | 最后更新时间 |
|---|---|---|
| 1 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 个月前 |