summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsthen <>2014-04-17 09:18:20 +0000
committersthen <>2014-04-17 09:18:20 +0000
commit756746acc117fe6a489f63c279e06597e416d759 (patch)
tree0f7a90ae26640f82ec03054b479867cb2432709b
parent6b153b07e65bb8f830dbd3b6e562c9014200091b (diff)
downloadopenbsd-756746acc117fe6a489f63c279e06597e416d759.tar.gz
openbsd-756746acc117fe6a489f63c279e06597e416d759.tar.bz2
openbsd-756746acc117fe6a489f63c279e06597e416d759.zip
OpenSSL PR#3309: when looking for an extension, set the last found position
to -1 to properly search all extensions. ok tedu@ From http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=300b9f0b70
Diffstat
-rw-r--r--src/lib/libcrypto/x509v3/v3_purp.c6
-rw-r--r--src/lib/libssl/src/crypto/x509v3/v3_purp.c6
2 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index ad688657e0..f59bfc1844 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -389,8 +389,8 @@ static void x509v3_cache_extensions(X509 *x)
389 /* Handle proxy certificates */ 389 /* Handle proxy certificates */
390 if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { 390 if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
391 if (x->ex_flags & EXFLAG_CA 391 if (x->ex_flags & EXFLAG_CA
392 || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0 392 || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
393 || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { 393 || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
394 x->ex_flags |= EXFLAG_INVALID; 394 x->ex_flags |= EXFLAG_INVALID;
395 } 395 }
396 if (pci->pcPathLengthConstraint) { 396 if (pci->pcPathLengthConstraint) {
@@ -670,7 +670,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
670 return 0; 670 return 0;
671 671
672 /* Extended Key Usage MUST be critical */ 672 /* Extended Key Usage MUST be critical */
673 i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0); 673 i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1);
674 if (i_ext >= 0) 674 if (i_ext >= 0)
675 { 675 {
676 X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext); 676 X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_purp.c b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
index ad688657e0..f59bfc1844 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_purp.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
@@ -389,8 +389,8 @@ static void x509v3_cache_extensions(X509 *x)
389 /* Handle proxy certificates */ 389 /* Handle proxy certificates */
390 if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { 390 if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
391 if (x->ex_flags & EXFLAG_CA 391 if (x->ex_flags & EXFLAG_CA
392 || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0 392 || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
393 || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { 393 || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
394 x->ex_flags |= EXFLAG_INVALID; 394 x->ex_flags |= EXFLAG_INVALID;
395 } 395 }
396 if (pci->pcPathLengthConstraint) { 396 if (pci->pcPathLengthConstraint) {
@@ -670,7 +670,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
670 return 0; 670 return 0;
671 671
672 /* Extended Key Usage MUST be critical */ 672 /* Extended Key Usage MUST be critical */
673 i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0); 673 i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1);
674 if (i_ext >= 0) 674 if (i_ext >= 0)
675 { 675 {
676 X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext); 676 X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 17:40:52 +0000