Copy the verify param hostflags independently of the host list - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2023-05-24 09:15:14 +0000
committer	tb <>	2023-05-24 09:15:14 +0000
commit	9c79756c47801e50fdbf7b07b7e6ea1dfad2779b (patch)
tree	fcd81828bbb8b8ef794acaddd3190486bb559ad9 /src/lib/libssl
parent	61c81a83de1329c6eec47a61f17e68b7c5a335f9 (diff)
download	openbsd-9c79756c47801e50fdbf7b07b7e6ea1dfad2779b.tar.gz openbsd-9c79756c47801e50fdbf7b07b7e6ea1dfad2779b.tar.bz2 openbsd-9c79756c47801e50fdbf7b07b7e6ea1dfad2779b.zip

Copy the verify param hostflags independently of the host list

Without this, hostflags set on the SSL_CTX would not propagate to newly created SSL. This is surprising behavior that was changed in OpenSSL 1.1 by Christian Heimes after the issue was flagged by Quentin Pradet: https://bugs.python.org/issue43522 This is a version of the fix that landed in OpenSSL. There used to be a workaround in place in urllib3, but that was removed at some point. We haven't fixed this earlier since it wasn't reported. It only showed up after recent fallout of extraordinarily strict library checking in urllib3 coming from their own interpretation of the implications of PEP 644. ok jsing

Diffstat (limited to 'src/lib/libssl')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: