Add compliance checks for the X.509 version field - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	job <>	2023-04-23 21:31:16 +0000
committer	job <>	2023-04-23 21:31:16 +0000
commit	182c5d6fe4249dcf1252e2a8985431d3f12968d6 (patch)
tree	6845cb5f4e2722640f5effb72fa388651a08a748 /src/lib/libcrypto/stack/stack.c
parent	13ba643374d5ff84130d05ec7c88f7fd1e4c2308 (diff)
download	openbsd-182c5d6fe4249dcf1252e2a8985431d3f12968d6.tar.gz openbsd-182c5d6fe4249dcf1252e2a8985431d3f12968d6.tar.bz2 openbsd-182c5d6fe4249dcf1252e2a8985431d3f12968d6.zip

Add compliance checks for the X.509 version field

Check whether the X.509 version is in the range of valid version values, and also checks whether the version is consistent with fields new to those versions (such as X.509 v3 extensions). X.690 section 11.5 states: "The encoding of a set value or a sequence value shall not include an encoding for any component value which is equal to its default value." However, enforcing version 1 (value 0) to be absent reportedly caused some issues as recent as July 2020, so accept version 1 even if it is explicitly encoded. OK tb@ beck@

Diffstat (limited to 'src/lib/libcrypto/stack/stack.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: