Fix two bugs in the legacy verifier - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2021-02-25 17:29:22 +0000
committer	tb <>	2021-02-25 17:29:22 +0000
commit	7227be70483e3ee10d48bca3182b402fe54a1d4d (patch)
tree	d1962c3b5f81151f136e89663cedd20e033ce721 /src/regress/usr.bin/openssl
parent	f5ad8c746a9589134ceaa336268d6a41efef12d5 (diff)
download	openbsd-7227be70483e3ee10d48bca3182b402fe54a1d4d.tar.gz openbsd-7227be70483e3ee10d48bca3182b402fe54a1d4d.tar.bz2 openbsd-7227be70483e3ee10d48bca3182b402fe54a1d4d.zip

Fix two bugs in the legacy verifier

To integrate the new X.509 verifier, X509_verify_cert() was refactored. The code building chains in the legacy verifier was split into a separate function. The first bug is that its return value was treated as a Boolean although it wasn't. Second, the return alone is not enough to decide whether to carry on the validation or not. Slightly rearrange things to restore the behavior of the legacy verifier prior to this refactoring. Issue found and test case provided by Anton Borowka and jan. ok jan jsing

Diffstat (limited to 'src/regress/usr.bin/openssl')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: