summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_vpm.c
diff options
context:
space:
mode:
authorbeck <>2023-04-28 16:50:16 +0000
committerbeck <>2023-04-28 16:50:16 +0000
commit894a54df05aae48b1ccfb4d0acd6170e67c7bd80 (patch)
treec1ffb128d53575a3341638cccf75fcf2d6427d05 /src/lib/libcrypto/x509/x509_vpm.c
parent1ce60b4afbf4cde527424c04352d010e0bafb51b (diff)
downloadopenbsd-894a54df05aae48b1ccfb4d0acd6170e67c7bd80.tar.gz
openbsd-894a54df05aae48b1ccfb4d0acd6170e67c7bd80.tar.bz2
openbsd-894a54df05aae48b1ccfb4d0acd6170e67c7bd80.zip
Enable policy checking by default now that we are DAG implementation based.
This ensures that we will no longer silently ignore a certificate with a critical policy extention by default. ok tb@
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/x509/x509_vpm.c5
1 files changed, 1 insertions, 4 deletions
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c
index 9ac3f929dc..4896fe8b7e 100644
--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_vpm.c,v 1.36 2023/04/16 19:16:32 tb Exp $ */ 1/* $OpenBSD: x509_vpm.c,v 1.37 2023/04/28 16:50:16 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2004. 3 * project 2004.
4 */ 4 */
@@ -418,8 +418,6 @@ int
418X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) 418X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
419{ 419{
420 param->flags |= flags; 420 param->flags |= flags;
421 if (flags & X509_V_FLAG_POLICY_MASK)
422 param->flags |= X509_V_FLAG_POLICY_CHECK;
423 return 1; 421 return 1;
424} 422}
425LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_flags); 423LCRYPTO_ALIAS(X509_VERIFY_PARAM_set_flags);
@@ -527,7 +525,6 @@ X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
527 return 0; 525 return 0;
528 } 526 }
529 } 527 }
530 param->flags |= X509_V_FLAG_POLICY_CHECK;
531 return 1; 528 return 1;
532} 529}
533LCRYPTO_ALIAS(X509_VERIFY_PARAM_set1_policies); 530LCRYPTO_ALIAS(X509_VERIFY_PARAM_set1_policies);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-25 14:44:10 +0000