diff options
| author | beck <> | 2022-11-13 18:37:32 +0000 |
|---|---|---|
| committer | beck <> | 2022-11-13 18:37:32 +0000 |
| commit | b10fff2d2486c7f66b4a443e8ad68ef2b2021928 (patch) | |
| tree | 92c8eb7340d7ea5f92ee37794cea4b1cb98a4c26 /src/lib/libcrypto/x509/x509_trs.c | |
| parent | b2adf01da2682fbf7809dc301d850a728803bffd (diff) | |
| download | openbsd-b10fff2d2486c7f66b4a443e8ad68ef2b2021928.tar.gz openbsd-b10fff2d2486c7f66b4a443e8ad68ef2b2021928.tar.bz2 openbsd-b10fff2d2486c7f66b4a443e8ad68ef2b2021928.zip | |
Check certificate extensions in trusted certificates.
Historically the standards let the implementation decide to
either check or ignore the certificate properties of trust anchors.
You could either use them simply as a source of a public key which
was trusted for everything, or you were also permitted to check the
certificate properties and fully enforce them. Hooray for freedumb.
OpenSSL changed to checking these with :
commit 0daccd4dc1f1ac62181738a91714f35472e50f3c
Author: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Thu Jan 28 03:01:45 2016 -0500
BoringSSL currently does not check them, as it also inherited
the previous OpenSSL behaviour. It will change to check them in
the future.
(https://bugs.chromium.org/p/boringssl/issues/detail?id=533)
Diffstat (limited to 'src/lib/libcrypto/x509/x509_trs.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_trs.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c index a967edf933..23eca4927b 100644 --- a/src/lib/libcrypto/x509/x509_trs.c +++ b/src/lib/libcrypto/x509/x509_trs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_trs.c,v 1.26 2022/11/10 16:52:19 beck Exp $ */ | 1 | /* $OpenBSD: x509_trs.c,v 1.27 2022/11/13 18:37:32 beck Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 1999. |
| 4 | */ | 4 | */ |
| @@ -110,8 +110,8 @@ int | |||
| 110 | return oldtrust; | 110 | return oldtrust; |
| 111 | } | 111 | } |
| 112 | 112 | ||
| 113 | int | 113 | static int |
| 114 | X509_check_trust(X509 *x, int id, int flags) | 114 | X509_check_trust_internal(X509 *x, int id, int flags, int compat) |
| 115 | { | 115 | { |
| 116 | X509_TRUST *pt; | 116 | X509_TRUST *pt; |
| 117 | int idx; | 117 | int idx; |
| @@ -132,7 +132,7 @@ X509_check_trust(X509 *x, int id, int flags) | |||
| 132 | rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); | 132 | rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); |
| 133 | if (rv != X509_TRUST_UNTRUSTED) | 133 | if (rv != X509_TRUST_UNTRUSTED) |
| 134 | return rv; | 134 | return rv; |
| 135 | return trust_compat(NULL, x, 0); | 135 | return compat && trust_compat(NULL, x, 0); |
| 136 | } | 136 | } |
| 137 | idx = X509_TRUST_get_by_id(id); | 137 | idx = X509_TRUST_get_by_id(id); |
| 138 | if (idx == -1) | 138 | if (idx == -1) |
| @@ -142,6 +142,18 @@ X509_check_trust(X509 *x, int id, int flags) | |||
| 142 | } | 142 | } |
| 143 | 143 | ||
| 144 | int | 144 | int |
| 145 | X509_check_trust(X509 *x, int id, int flags) | ||
| 146 | { | ||
| 147 | return X509_check_trust_internal(x, id, flags, /*compat =*/1); | ||
| 148 | } | ||
| 149 | |||
| 150 | int | ||
| 151 | x509_check_trust_no_compat(X509 *x, int id, int flags) | ||
| 152 | { | ||
| 153 | return X509_check_trust_internal(x, id, flags, /*compat =*/0); | ||
| 154 | } | ||
| 155 | |||
| 156 | int | ||
| 145 | X509_TRUST_get_count(void) | 157 | X509_TRUST_get_count(void) |
| 146 | { | 158 | { |
| 147 | if (!trtable) | 159 | if (!trtable) |