summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_lib.c
diff options
context:
space:
mode:
authorbeck <>2024-03-25 00:05:49 +0000
committerbeck <>2024-03-25 00:05:49 +0000
commite9b001f0ec0e1d250cdf229432ac3949a3580968 (patch)
treee85f499e6080f22102d08a49b6f7ce777768d4c3 /src/lib/libssl/tls13_lib.c
parentba4c518e207b14a673a38e3d710160e9011bc408 (diff)
downloadopenbsd-e9b001f0ec0e1d250cdf229432ac3949a3580968.tar.gz
openbsd-e9b001f0ec0e1d250cdf229432ac3949a3580968.tar.bz2
openbsd-e9b001f0ec0e1d250cdf229432ac3949a3580968.zip
Remove unnecessary stat() calls from by_dir
When searching for a CA or CRL file in by_dir, this stat() was used to short circuit attempting to open the file with X509_load_cert_file(). This was a deliberate TOCTOU introduced to avoid setting an error on the error stack, when what you really want to say is "we couldn't find a CA" and continue merrily on your way. As it so happens you really do not care why the load_file failed in any of these cases, it all boils down to "I can't find the CA or CRL". Instead we just omit the stat call, and clear the error stack if the load_file fails. The fact that you don't have a CA or CRL is caught later in the callers and is what you want, mimicing the non by_dir behaviour instead of possibly some bizzaro file system error. Based on a similar change in Boring. ok tb@
Diffstat (limited to 'src/lib/libssl/tls13_lib.c')
0 files changed, 0 insertions, 0 deletions