Move leaf certificate checks to the last thing after chain validation. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	beck <>	2022-06-25 20:01:43 +0000
committer	beck <>	2022-06-25 20:01:43 +0000
commit	8f49e18d8b58138d52d4c7d55385ef2f47508529 (patch)
tree	a057ee19ce4f7b27f7b8864ab578d7746ac590e9 /src/lib/libcrypto/x509/x509_constraints.c
parent	45d168a6140632da2ca76c8437622ccf56118001 (diff)
download	openbsd-8f49e18d8b58138d52d4c7d55385ef2f47508529.tar.gz openbsd-8f49e18d8b58138d52d4c7d55385ef2f47508529.tar.bz2 openbsd-8f49e18d8b58138d52d4c7d55385ef2f47508529.zip

Move leaf certificate checks to the last thing after chain validation.

While seemingly illogical and not what is done in Go's validator, this mimics OpenSSL's behavior so that callback overrides for the expiry of a certificate will not "sticky" override a failure to build a chain. ok jsing@

Diffstat (limited to 'src/lib/libcrypto/x509/x509_constraints.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: