path: root/src/lib/libssl/ssl_cert.c
author: tb 2024-05-28 15:40:38 +0000
committer: tb 2024-05-28 15:40:38 +0000
commit: b9c59e2e09e7a6efaa76dde887001001d9f0d3c3
tree: 58662c1e8cc9049aa5b0bb12bf13fe1494a5c9e5 /src/lib/libssl/ssl_cert.c
parent: 66d8c839721cbc66fda480fd1a4b0da9d7df5f55
Clean up and fix X509V3_EXT_add1_i2d()
When looking at this code I noticed a few leaks. Fixing those leaks was straightforward, but following the code was really hard. This attempts to make the logic a bit clearer.

In short, there are 6 mutually exclusive modes for this function (passed in the variable aptly called flags). The default mode is to append the extension of type nid and to error if such an extension already exists. Then there are other modes with varying degree of madness.

The existing code didn't make X509V3_ADD_REPLACE explicit, which is confusing. Operations 6-15 would all be treated like X509V3_ADD_REPLACE due to the way the function was written. Handle the supported operations via a switch and error for operations 6-15. This and the elimination of leaks are the only changes of behavior, as validated by relatively extensive test coverage.

ok jsing
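The mode dispatch the commit message describes, as an added model that is not the OpenBSD code: a switch over the masked operation that errors for operations 6-15 instead of letting them act as a replace. The `ext_list` type and the functions `find`, `append`, `put` and `model_add1` are hypothetical, and the behaviour of the modes other than the default is assumed from the documented semantics of the `X509V3_ADD_*` operations.

```c
#include <stddef.h>

/* Operation values as defined in <openssl/x509v3.h>. */
#define X509V3_ADD_OP_MASK          0xfL
#define X509V3_ADD_DEFAULT          0L
#define X509V3_ADD_APPEND           1L
#define X509V3_ADD_REPLACE          2L
#define X509V3_ADD_REPLACE_EXISTING 3L
#define X509V3_ADD_KEEP_EXISTING    4L
#define X509V3_ADD_DELETE           5L

/* Hypothetical stand-in for STACK_OF(X509_EXTENSION): (nid, value) pairs. */
#define MAX_EXT 8
struct ext_list { struct { int nid, val; } e[MAX_EXT]; size_t n; };

static int find(const struct ext_list *l, int nid) {
    for (size_t i = 0; i < l->n; i++)
        if (l->e[i].nid == nid) return (int)i;
    return -1;
}
static int append(struct ext_list *l, int nid, int val) {
    if (l->n == MAX_EXT) return 0;
    l->e[l->n].nid = nid;
    l->e[l->n++].val = val;
    return 1;
}
static int put(struct ext_list *l, int idx, int nid, int val) {
    if (idx < 0) return append(l, nid, val);  /* absent: append */
    l->e[idx].val = val;                      /* present: replace in place */
    return 1;
}

/* Model of the mode dispatch; returns 1 on success, 0 on error. */
int model_add1(struct ext_list *l, int nid, int val, unsigned long flags) {
    int idx = find(l, nid);
    switch (flags & X509V3_ADD_OP_MASK) {
    case X509V3_ADD_DEFAULT:          return idx < 0 ? append(l, nid, val) : 0;
    case X509V3_ADD_APPEND:           return append(l, nid, val);
    case X509V3_ADD_REPLACE:          return put(l, idx, nid, val);
    case X509V3_ADD_REPLACE_EXISTING: return idx < 0 ? 0 : put(l, idx, nid, val);
    case X509V3_ADD_KEEP_EXISTING:    return idx < 0 ? append(l, nid, val) : 1;
    case X509V3_ADD_DELETE:
        if (idx < 0) return 0;
        for (size_t i = (size_t)idx; i + 1 < l->n; i++) l->e[i] = l->e[i + 1];
        l->n--;
        return 1;
    default:                          return 0;  /* operations 6-15: error */
    }
}
```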