In some situations, the verifier would discard the error on an unvalidatedlibressl-v3.4.3 libressl-v3.4.2

certificate chain. This would happen when the verification callback was in use, instructing the verifier to continue unconditionally. This could lead to incorrect decisions being made in software. This is patches/common/006_x509.patch.sig
author: tb <> 2021-11-24 09:28:56 +0000
committer: tb <> 2021-11-24 09:28:56 +0000
commit: 0f0b16dc977f6ca499f0f4540078d992c96da597 (patch)
tree: 43f0280ff3795786784edb02273862918922c8ba /src/lib/libcrypto/x509/x509_internal.h
parent: d7513e7d4daf94905fd4cb0a5e5c89109d2874f7 (diff)
download: openbsd-libressl-v3.4.2.tar.gz
openbsd-libressl-v3.4.2.tar.bz2
openbsd-libressl-v3.4.2.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_internal.h b/src/lib/libcrypto/x509/x509_internal.h
index 8891aecb13..9878b6febd 100644
--- a/src/lib/libcrypto/x509/x509_internal.h
+++ b/src/lib/libcrypto/x509/x509_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_internal.h,v 1.12 2021/09/03 08:58:53 beck Exp $ */
+/* $OpenBSD: x509_internal.h,v 1.12.2.1 2021/11/24 09:28:55 tb Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
@@ -90,7 +90,7 @@ int x509_vfy_check_revocation(X509_STORE_CTX *ctx);
 int x509_vfy_check_policy(X509_STORE_CTX *ctx);
 int x509_vfy_check_trust(X509_STORE_CTX *ctx);
 int x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx);
-int x509_vfy_callback_indicate_success(X509_STORE_CTX *ctx);
+int x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx);
 void x509v3_cache_extensions(X509 *x);
 X509 *x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x);
author	tb <>	2021-11-24 09:28:56 +0000
committer	tb <>	2021-11-24 09:28:56 +0000
commit	0f0b16dc977f6ca499f0f4540078d992c96da597 (patch)
tree	43f0280ff3795786784edb02273862918922c8ba /src/lib/libcrypto/x509/x509_internal.h
parent	d7513e7d4daf94905fd4cb0a5e5c89109d2874f7 (diff)
download	openbsd-libressl-v3.4.2.tar.gz openbsd-libressl-v3.4.2.tar.bz2 openbsd-libressl-v3.4.2.zip

diff --git a/src/lib/libcrypto/x509/x509_internal.h b/src/lib/libcrypto/x509/x509_internal.h index 8891aecb13..9878b6febd 100644 --- a/src/lib/libcrypto/x509/x509_internal.h +++ b/src/lib/libcrypto/x509/x509_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_internal.h,v 1.12 2021/09/03 08:58:53 beck Exp $ */	1	/* $OpenBSD: x509_internal.h,v 1.12.2.1 2021/11/24 09:28:55 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -90,7 +90,7 @@ int x509_vfy_check_revocation(X509_STORE_CTX *ctx);
90	int x509_vfy_check_policy(X509_STORE_CTX *ctx);	90	int x509_vfy_check_policy(X509_STORE_CTX *ctx);
91	int x509_vfy_check_trust(X509_STORE_CTX *ctx);	91	int x509_vfy_check_trust(X509_STORE_CTX *ctx);
92	int x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx);	92	int x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx);
93	int x509_vfy_callback_indicate_success(X509_STORE_CTX *ctx);	93	int x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx);
94	void x509v3_cache_extensions(X509 *x);	94	void x509v3_cache_extensions(X509 *x);
95	X509 x509_vfy_lookup_cert_match(X509_STORE_CTX ctx, X509 *x);	95	X509 x509_vfy_lookup_cert_match(X509_STORE_CTX ctx, X509 *x);
96		96