What's Changed
-
Backport X509 certificate verification optimizations to AWS-LC-FIPS-2.x by @samuel40791765 in #1611
- 31d5dce: Stop using time_t internally. For publicly exposed and used
inputs that rely on time_t, _posix versions are added to
support providing times as an int64_t, and internal
use is changed to use the _posix version. - 4e32cc5: When looking for the issuer of a certificate, if the current
certificate candidate is expired, X509_verify_cert will
continue searching for a valid cert. An expired certificate is
only returned if no valid certificates are found. This lets
AWS-LC gain feature parity with OpenSSL 1.1.1. - 9bed1c9: Tweak test introduced by 4e32cc5.
- 31d5dce: Stop using time_t internally. For publicly exposed and used
-
AWS-LC-FIPS-2.0.11 release preparation by @samuel40791765 in #1614
Full Changelog: AWS-LC-FIPS-2.0.10...AWS-LC-FIPS-2.0.11