Switch back to the legacy verifier for the release.

This is disappointing as a lot of work was put into the new verifier during this cycle. However, there are still too many known bugs and incompatibilities. It is better to be faced with known broken behavior than with new broken behavior and to switch now rather than via errata. This way we have another cycle to iron out the kinks and to fix some of the remaining bugs. ok jsing
author: tb <> 2021-04-15 14:15:03 +0000
committer: tb <> 2021-04-15 14:15:03 +0000
commit: 906867a7f88a888f986169775a5186de23cf5b27 (patch)
tree: 04df977d95d0623b6e17e71c47269e2f6ab29c96 /src/lib
parent: 3652e08016409ee47870a1baf96ae02743c66c60 (diff)
download: openbsd-906867a7f88a888f986169775a5186de23cf5b27.tar.gz
openbsd-906867a7f88a888f986169775a5186de23cf5b27.tar.bz2
openbsd-906867a7f88a888f986169775a5186de23cf5b27.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c
index 5133a82b0b..2907448d55 100644
--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vpm.c,v 1.24 2021/04/05 07:02:50 tb Exp $ */
+/* $OpenBSD: x509_vpm.c,v 1.25 2021/04/15 14:15:03 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
@@ -178,7 +178,7 @@ x509_verify_param_zero(X509_VERIFY_PARAM *param)
        param->trust = 0;
        /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
        param->inh_flags = 0;
-        param->flags = 0;
+        param->flags = X509_V_FLAG_LEGACY_VERIFY;
        param->depth = -1;
        if (param->policies) {
                sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
author	tb <>	2021-04-15 14:15:03 +0000
committer	tb <>	2021-04-15 14:15:03 +0000
commit	906867a7f88a888f986169775a5186de23cf5b27 (patch)
tree	04df977d95d0623b6e17e71c47269e2f6ab29c96 /src/lib
parent	3652e08016409ee47870a1baf96ae02743c66c60 (diff)
download	openbsd-906867a7f88a888f986169775a5186de23cf5b27.tar.gz openbsd-906867a7f88a888f986169775a5186de23cf5b27.tar.bz2 openbsd-906867a7f88a888f986169775a5186de23cf5b27.zip

diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c index 5133a82b0b..2907448d55 100644 --- a/src/lib/libcrypto/x509/x509_vpm.c +++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vpm.c,v 1.24 2021/04/05 07:02:50 tb Exp $ */	1	/* $OpenBSD: x509_vpm.c,v 1.25 2021/04/15 14:15:03 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2004.	3	* project 2004.
4	*/	4	*/
@@ -178,7 +178,7 @@ x509_verify_param_zero(X509_VERIFY_PARAM *param)
178	param->trust = 0;	178	param->trust = 0;
179	/param->inh_flags = X509_VP_FLAG_DEFAULT;/	179	/param->inh_flags = X509_VP_FLAG_DEFAULT;/
180	param->inh_flags = 0;	180	param->inh_flags = 0;
181	param->flags = 0;	181	param->flags = X509_V_FLAG_LEGACY_VERIFY;
182	param->depth = -1;	182	param->depth = -1;
183	if (param->policies) {	183	if (param->policies) {
184	sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);	184	sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);