AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It іs based on code from the Google BoringSSL project and the OpenSSL project.
Other
354
stars
111
forks
source link
Backport X509 certificate verification optimizations to AWS-LC-FIPS-2.x #1611
31d5dce: Stop using time_t internally. For publicly exposed and used
inputs that rely on time_t, _posix versions are added to
support providing times as an int64_t, and internal
use is changed to use the _posix version.
4e32cc5: When looking for the issuer of a certificate, if the current
certificate candidate is expired, X509_verify_cert will
continue searching for a valid cert. An expired certificate is
only returned if no valid certificates are found. This lets
AWS-LC gain feature parity with OpenSSL 1.1.1.
9bed1c9: Tweak test introduced by 4e32cc5.
All changes above reside outside our FIPS boundary and do not change
the integrity hash of our static build on validated platforms.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
31d5dce: Stop using time_t internally. For publicly exposed and used inputs that rely on time_t, _posix versions are added to support providing times as an int64_t, and internal use is changed to use the _posix version.
4e32cc5: When looking for the issuer of a certificate, if the current certificate candidate is expired, X509_verify_cert will continue searching for a valid cert. An expired certificate is only returned if no valid certificates are found. This lets AWS-LC gain feature parity with OpenSSL 1.1.1.
9bed1c9: Tweak test introduced by 4e32cc5.
All changes above reside outside our FIPS boundary and do not change the integrity hash of our static build on validated platforms.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.