author | beck <> | 2022-06-28 07:56:34 +0000 |
---|---|---|
committer | beck <> | 2022-06-28 07:56:34 +0000 |
commit | 355c949cf9ad60bf97cba6f09a938127c655e98a (patch) | |
tree | 435b35111450a62496cf4ac38a00aa704fe6980a /src/lib/libcrypto/ecdsa/ecdsa.h | |
parent | 3fb1d6ae7e7ceee89a501feeb7b20aa3b6eb6d27 (diff) | |

Fix the legacy verifier callback behaviour for untrusted certs.

The verifier callback is used by mutt to do a form of certificate
pinning where the callback gets fired and depending on a
cert saved to a file will decide to accept an untrusted cert.

This corrects two problems that affected this. The callback was not
getting the correct depth and chain for the error where mutt would
save the certificate in the first place, and then the callback was not
getting fired to allow it to override the failing certificate
validation.

thanks to Avon Robertson <avon.r@xtra.co.nz> for the report and
sthen@ for analysis.

"The callback is not an API, it's a gordian knot - tb@"

ok jsing@

Diffstat (limited to 'src/lib/libcrypto/ecdsa/ecdsa.h')
0 files changed, 0 insertions, 0 deletions
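
The callback contract the commit message relies on, as an added example that is not code from this commit, libcrypto or mutt: a simplified model in which the verifier reports the failing depth and fires the callback, and the callback overrides the failure only when the certificate at that depth matches a saved fingerprint. All types, names, the error code and the sample chain are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins (assumptions): not libcrypto types or error codes.
 * struct vctx plays the role of X509_STORE_CTX; chain[0] is the leaf. */
struct cert { const char *subject, *fingerprint; int trusted; };
struct vctx { const struct cert *chain; int n, err, err_depth; };
#define ERR_UNTRUSTED 1             /* constructed error code */
static const char *saved_fp;        /* fingerprint the client stored earlier */

/* Legacy-style callback: ok == 0 means validation failed at ctx->err_depth.
 * Returning 1 overrides the failure, returning 0 lets it stand. */
static int pin_cb(int ok, struct vctx *ctx)
{
    if (ok)
        return 1;
    const struct cert *c = &ctx->chain[ctx->err_depth];
    return ctx->err == ERR_UNTRUSTED && saved_fp != NULL &&
        strcmp(c->fingerprint, saved_fp) == 0;
}

/* Model verifier: the top of the chain must be trusted. On failure it must
 * report the failing depth and fire the callback so it can override. */
static int verify_chain(struct vctx *ctx, int (*cb)(int, struct vctx *))
{
    int top = ctx->n - 1;
    if (ctx->chain[top].trusted)
        return 1;
    ctx->err = ERR_UNTRUSTED;
    ctx->err_depth = top;
    return cb(0, ctx);
}

/* Constructed sample chain: leaf plus an issuer that is not a trust anchor. */
static int demo(const char *fp_on_disk)
{
    static const struct cert chain[] = {
        { "CN=mail.example.org", "AA:11:22:33", 0 },
        { "CN=Example Private CA", "CC:77:88:99", 0 },
    };
    struct vctx ctx = { chain, 2, 0, 0 };
    saved_fp = fp_on_disk;
    return verify_chain(&ctx, pin_cb);
}

int main(void)
{
    printf("pinned issuer: %d, other: %d\n", demo("CC:77:88:99"), demo("BB:44"));
    return 0;
}
```

In this model the callback can only make the right decision if the depth it is handed identifies the certificate that actually failed, and the override only works if the verifier calls it at all.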