Fix the legacy verifier callback behaviour for untrusted certs. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	beck <>	2022-06-28 07:56:34 +0000
committer	beck <>	2022-06-28 07:56:34 +0000
commit	355c949cf9ad60bf97cba6f09a938127c655e98a (patch)
tree	435b35111450a62496cf4ac38a00aa704fe6980a /src/lib/libssl/ssl_seclevel.c
parent	3fb1d6ae7e7ceee89a501feeb7b20aa3b6eb6d27 (diff)
download	openbsd-355c949cf9ad60bf97cba6f09a938127c655e98a.tar.gz openbsd-355c949cf9ad60bf97cba6f09a938127c655e98a.tar.bz2 openbsd-355c949cf9ad60bf97cba6f09a938127c655e98a.zip

Fix the legacy verifier callback behaviour for untrusted certs.

The verifier callback is used by mutt to do a form of certificate pinning where the callback gets fired and depending on a cert saved to a file will decide to accept an untrusted cert. This corrects two problems that affected this. The callback was not getting the correct depth and chain for the error where mutt would save the certificate in the first place, and then the callback was not getting fired to allow it to override the failing certificate validation. thanks to Avon Robertson <avon.r@xtra.co.nz> for the report and sthen@ for analysis. "The callback is not an API, it's a gordian knot - tb@" ok jsing@

Diffstat (limited to 'src/lib/libssl/ssl_seclevel.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: