openbsd/src/lib/libcrypto/x509, branch libressl-v3.7.0

openbsd/src/lib/libcrypto/x509, branch libressl-v3.7.0 A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v3.7.0 2022-12-01T05:27:04+00:00 Annotate X509_V_FLAG_CB_ISSUER_CHECK as deprecated and unused 2022-12-01T05:27:04+00:00 tb 2022-12-01T05:27:04+00:00 urn:sha1:6d0099990bf54a147d3a342157f5703ef4d85981 Retire X509_V_FLAG_CB_ISSUER_CHECK 2022-12-01T05:20:30+00:00 tb 2022-12-01T05:20:30+00:00 urn:sha1:7618a48303e6c8377440547f26833df6a1fd6c3b This flag has been deprecated in OpenSSL 1.1 and has not had an effect since. This way we can simplify the default check_issued() callback, which helpfully has its arguments reversed compared to the public API X509_check_issued(). ok jsing Getters and setters for the check_issued() callback 2022-12-01T05:16:08+00:00 tb 2022-12-01T05:16:08+00:00 urn:sha1:a903cae4f3dd069a89381c4d29495971d39b0401 Open62541 uses X509_STORE_CTX_get_check_issued(), so provide it along with X509_STORE_{get,set}_check_issued(). As you would expect, they all return or take an X509_STORE_CTX_check_issued_fn. The getters aren't const in OpenSSL 1.1, but they now are in OpenSSL 3... These will be made available in the next minor bump and will ship in the stable release of LibreSSL 3.7 Part of OpenSSL commit 1060a50b See also https://github.com/libressl-portable/portable/issues/748 ok beck jsing Remove a few doubled spaces and wrap an overlong line 2022-11-29T12:23:43+00:00 tb 2022-11-29T12:23:43+00:00 urn:sha1:c488b39b89a1341d5334183f48797a9aa865d553 Sort a few outliers by increasing error number to match x509_vfy.h 2022-11-29T07:23:03+00:00 tb 2022-11-29T07:23:03+00:00 urn:sha1:257bc3cb573f59bc93215ad4acbaad2524329309 Fix includes 2022-11-29T07:12:17+00:00 tb 2022-11-29T07:12:17+00:00 urn:sha1:95494980645428cbe0f13384bc837bc145eef580 No need for errno, stdio, time, asn1, buffer, evp, lhash, objects, x509 for a switch containing string constants. We do need x509_vfy instead. Add missing X509_V_ERR_UNSPECIFIED case 2022-11-29T07:08:41+00:00 tb 2022-11-29T07:08:41+00:00 urn:sha1:bb7c2b5347cc4c591c848eb601b8e30801ca64c6 Fix some KNF issues 2022-11-29T07:06:12+00:00 tb 2022-11-29T07:06:12+00:00 urn:sha1:51aeda5af0c90a1c162365fc7404958f97d270bd Requested by claudio Make X509_verify_cert_error_string() thread safe 2022-11-29T07:03:40+00:00 tb 2022-11-29T07:03:40+00:00 urn:sha1:fec93266d59a68c5d1ffb4bdd1a15698dae53a15 Stop returning a pointer to a static buffer containing the error code on unknown error. While this might be helpful, it's not going to end well. ok beck claudio jsing Fix NULL dereference in x509_constraints_uri_host() 2022-11-28T07:22:15+00:00 tb 2022-11-28T07:22:15+00:00 urn:sha1:4eccf1715855e95020641b0b70e41a649ac9833c When called from v2i, hostpart in x509_constraints_uri_host() is NULL, so add a NULL check before storing the strdup result in it. From Anton Borowka ok jsing miod