)]}' { "commit": "d7266ecc9bf92ffad277bc39653919da79c8f42b", "tree": "b11902db8a834b965947f16f2ad83136e93d3f80", "parents": [ "1a51a5b4a6bdf7ee11b443f21f08dc2ba2de9815" ], "author": { "name": "Jesse Selover", "email": "jselover@google.com", "time": "Wed Jan 30 16:06:10 2019 -0500" }, "committer": { "name": "CQ bot account: commit-bot@chromium.org", "email": "commit-bot@chromium.org", "time": "Wed Jan 30 21:28:34 2019 +0000" }, "message": "Enforce key usage for RSA keys in TLS 1.2.\n\nFor now, this is off by default and controlled by SSL_set_enforce_rsa_key_usage.\nThis may be set as late as certificate verification so we may start by enforcing\nit for known roots.\n\nGeneralizes ssl_cert_check_digital_signature_key_usage to check any part of the\nkey_usage, and adds a new error KEY_USAGE_BIT_INCORRECT for the generalized\nmethod.\n\nBug: chromium:795089\nChange-Id: Ifa504c321bec3263a4e74f2dc48513e3b895d3ee\nReviewed-on: https://boringssl-review.googlesource.com/c/34604\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "f62416cdb6f8ec10da7107665f10fb71f63b5d48", "old_mode": 33188, "old_path": "crypto/err/ssl.errordata", "new_id": "ddb383c358351d892abae882b315d0131642b34d", "new_mode": 33188, "new_path": "crypto/err/ssl.errordata" }, { "type": "modify", "old_id": "52d713aaca49a7105082339622ae7deaa484fca5", "old_mode": 33188, "old_path": "include/openssl/ssl.h", "new_id": "fa0f6b2be70f0e7bb90d53e12d3698e859700687", "new_mode": 33188, "new_path": "include/openssl/ssl.h" }, { "type": "modify", "old_id": "e2b1ffe92685dfd1cfa6fedd717fb0b24f196ff8", "old_mode": 33188, "old_path": "ssl/handshake_client.cc", "new_id": "b0de6708677fe0b228962021cb8ac93627cc5df3", "new_mode": 33188, "new_path": "ssl/handshake_client.cc" }, { "type": "modify", "old_id": "158a233ced3240a9033ee837c4d89efbbaf2e505", "old_mode": 33188, "old_path": "ssl/internal.h", "new_id": "2c7f606e47ac54287d60cb62975e18760088195c", "new_mode": 33188, "new_path": "ssl/internal.h" }, { "type": "modify", "old_id": "d23e1e63c71546e3f30493362dbb3a0e792c4fe0", "old_mode": 33188, "old_path": "ssl/ssl_cert.cc", "new_id": "52a1ddf35c12df088ac97232d4a82d7c034fbac6", "new_mode": 33188, "new_path": "ssl/ssl_cert.cc" }, { "type": "modify", "old_id": "bcf4bd22efc94e16492acfd2387b6c4a1ca5dd2e", "old_mode": 33188, "old_path": "ssl/ssl_lib.cc", "new_id": "a4f204448e6875963ffb3007c3c44a22acdfdf87", "new_mode": 33188, "new_path": "ssl/ssl_lib.cc" }, { "type": "modify", "old_id": "34cb1096b5e311df83c597602fa3410b65e0c205", "old_mode": 33188, "old_path": "ssl/test/runner/runner.go", "new_id": "8430ae48d70e88d79b9a241ef5c6d81fb6333617", "new_mode": 33188, "new_path": "ssl/test/runner/runner.go" }, { "type": "modify", "old_id": "2f53156a16a685a08a555919b7ca5e4c1865e3b0", "old_mode": 33188, "old_path": "ssl/test/test_config.cc", "new_id": "70e061b06689ad7e7611ce9e6387f9d5c5717779", "new_mode": 33188, "new_path": "ssl/test/test_config.cc" }, { "type": "modify", "old_id": "8b63bc8e2111c3bf81d8a80fff224e3d9acd7a27", "old_mode": 33188, "old_path": "ssl/test/test_config.h", "new_id": "9221d6f1d3984af80d71dbe5480305778a8a31d5", "new_mode": 33188, "new_path": "ssl/test/test_config.h" }, { "type": "modify", "old_id": "eb1c15edbde43d6e5527eb364b3617ad4a4b2cc1", "old_mode": 33188, "old_path": "ssl/tls13_both.cc", "new_id": "ba5719fd863ed6dadb2d3c13cfb37f6e13fe3273", "new_mode": 33188, "new_path": "ssl/tls13_both.cc" } ] }