master OpenSSL 1.1.1 cert verification port (#239)
an attempt to port over verify_chain (build_chain) and related bits from OpenSSL 1.1.1
JOSSL's current certificate verification algorithm is rather straightforward and dates back to OpenSSL 0.9 days.
Several times we tried porting over newer code to enhance verification (e.g. to consider alternate chains) but failed due the magnitude of the task.
The PR is an attempt for a minimal viable product in terms of OpenSSL 1.1.1 compatible chain verification.
No relevant security features should be missing - if so than they are likely not present in the legacy algorithm as well.
-
615.1AMD64preciseJDK: oraclejdk8 Ruby: jruby-9.2.12.0Gitno environment variables set
-
615.2AMD64preciseJDK: oraclejdk8 Ruby: jruby-9.2.9.0Gitno environment variables set
-
615.3AMD64preciseJDK: oraclejdk8 Ruby: jruby-1.7.27Gitno environment variables set
-
615.4AMD64preciseJDK: openjdk7 Ruby: jruby-1.7.24Gitno environment variables set
-
615.5AMD64preciseJDK: oraclejdk11 Ruby: jruby-9.2.11.1Gitno environment variables set
-
615.6AMD64preciseJDK: openjdk7 Ruby: jruby-9.1.17.0GitBUNDLE_INSTALL=0
-
615.7AMD64preciseJDK: oraclejdk8 Ruby: jruby-9.2.12.0GitBUNDLE_INSTALL=0
Allowed Failures
-
615.8AMD64preciseJDK: oraclejdk8 Ruby: jruby-headGitno environment variables set
-
615.9AMD64preciseJDK: oraclejdk11 Ruby: jruby-headGitno environment variables set
-
615.10AMD64preciseJDK: openjdk7 Ruby: jruby-1.7.27Gitno environment variables set
-
615.11AMD64preciseJDK: oraclejdk8 Ruby: jruby-9.2.8.0Gitno environment variables set
-
615.12AMD64preciseJDK: openjdk7 Ruby: jruby-9.1.17.0Gitno environment variables set
-
615.13AMD64preciseJDK: oraclejdk11 Ruby: jruby-9.2.12.0Gitno environment variables set