Store errors that result from leaf certificate verification. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2022-10-17 18:56:54 +0000
committer	jsing <>	2022-10-17 18:56:54 +0000
commit	87bbbdfd185643167555b83c48992d495197809b (patch)
tree	7947de47c2206d6d99f658484d0f7008794837c7 /src/lib/libssl/tls13_lib.c
parent	9ca85afd54f2ef26c0988e91d438dc81e8f88558 (diff)
download	openbsd-87bbbdfd185643167555b83c48992d495197809b.tar.gz openbsd-87bbbdfd185643167555b83c48992d495197809b.tar.bz2 openbsd-87bbbdfd185643167555b83c48992d495197809b.zip

Store errors that result from leaf certificate verification.

In the case that a verification callback is installed that tells the verifier to continue when a certificate is invalid (e.g. expired), any error resulting from the leaf certificate verification is not stored and made available post verification, resulting in an incorrect error being returned. Also perform leaf certificate verification prior to adding the chain, which avoids a potential memory leak (as noted by tb@). Issue reported by Ilya Shipitsin, who encountered haproxy regress failures. ok tb@

Diffstat (limited to 'src/lib/libssl/tls13_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: