In some situations, the verifier would discard the error on an unvalidated

certificte chain. This would happen when the verification callback was in use, instructing the verifier to continue unconditionally. This could lead to incorrect decisions being made in software.
author: beck <> 2021-11-24 05:38:12 +0000
committer: beck <> 2021-11-24 05:38:12 +0000
commit: a7183a22e5a6bba197f777a1affcd0b0a56fd576 (patch)
tree: aa24e5059056bbf6faad312217d9a1a414b6b213 /src/lib/libcrypto/x509/x509_internal.h
parent: 61f85f5283a01224548085f548fbf75b2ae1fd26 (diff)
download: openbsd-a7183a22e5a6bba197f777a1affcd0b0a56fd576.tar.gz
openbsd-a7183a22e5a6bba197f777a1affcd0b0a56fd576.tar.bz2
openbsd-a7183a22e5a6bba197f777a1affcd0b0a56fd576.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_internal.h b/src/lib/libcrypto/x509/x509_internal.h
index a9b584b13e..9ac0c2bbde 100644
--- a/src/lib/libcrypto/x509/x509_internal.h
+++ b/src/lib/libcrypto/x509/x509_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_internal.h,v 1.15 2021/11/04 23:52:34 beck Exp $ */
+/* $OpenBSD: x509_internal.h,v 1.16 2021/11/24 05:38:12 beck Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
@@ -92,7 +92,7 @@ int x509_vfy_check_revocation(X509_STORE_CTX *ctx);
 int x509_vfy_check_policy(X509_STORE_CTX *ctx);
 int x509_vfy_check_trust(X509_STORE_CTX *ctx);
 int x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx);
-int x509_vfy_callback_indicate_success(X509_STORE_CTX *ctx);
+int x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx);
 void x509v3_cache_extensions(X509 *x);
 X509 *x509_vfy_lookup_cert_match(X509_STORE_CTX *ctx, X509 *x);
author	beck <>	2021-11-24 05:38:12 +0000
committer	beck <>	2021-11-24 05:38:12 +0000
commit	a7183a22e5a6bba197f777a1affcd0b0a56fd576 (patch)
tree	aa24e5059056bbf6faad312217d9a1a414b6b213 /src/lib/libcrypto/x509/x509_internal.h
parent	61f85f5283a01224548085f548fbf75b2ae1fd26 (diff)
download	openbsd-a7183a22e5a6bba197f777a1affcd0b0a56fd576.tar.gz openbsd-a7183a22e5a6bba197f777a1affcd0b0a56fd576.tar.bz2 openbsd-a7183a22e5a6bba197f777a1affcd0b0a56fd576.zip

diff --git a/src/lib/libcrypto/x509/x509_internal.h b/src/lib/libcrypto/x509/x509_internal.h index a9b584b13e..9ac0c2bbde 100644 --- a/src/lib/libcrypto/x509/x509_internal.h +++ b/src/lib/libcrypto/x509/x509_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_internal.h,v 1.15 2021/11/04 23:52:34 beck Exp $ */	1	/* $OpenBSD: x509_internal.h,v 1.16 2021/11/24 05:38:12 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -92,7 +92,7 @@ int x509_vfy_check_revocation(X509_STORE_CTX *ctx);
92	int x509_vfy_check_policy(X509_STORE_CTX *ctx);	92	int x509_vfy_check_policy(X509_STORE_CTX *ctx);
93	int x509_vfy_check_trust(X509_STORE_CTX *ctx);	93	int x509_vfy_check_trust(X509_STORE_CTX *ctx);
94	int x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx);	94	int x509_vfy_check_chain_extensions(X509_STORE_CTX *ctx);
95	int x509_vfy_callback_indicate_success(X509_STORE_CTX *ctx);	95	int x509_vfy_callback_indicate_completion(X509_STORE_CTX *ctx);
96	void x509v3_cache_extensions(X509 *x);	96	void x509v3_cache_extensions(X509 *x);
97	X509 x509_vfy_lookup_cert_match(X509_STORE_CTX ctx, X509 *x);	97	X509 x509_vfy_lookup_cert_match(X509_STORE_CTX ctx, X509 *x);
98		98