Store errors that result from leaf certificate verification. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2022-10-20 09:45:18 +0000
committer	tb <>	2022-10-20 09:45:18 +0000
commit	a501e42ba79e88a58d28b4491728b8cf86cf46d6 (patch)
tree	7886fca685114c270c03ea9fbd63d533cb54a073 /src/regress
parent	27810550115830bf09d9a5b75f9d712c0404747c (diff)
download	openbsd-a501e42ba79e88a58d28b4491728b8cf86cf46d6.tar.gz openbsd-a501e42ba79e88a58d28b4491728b8cf86cf46d6.tar.bz2 openbsd-a501e42ba79e88a58d28b4491728b8cf86cf46d6.zip

Store errors that result from leaf certificate verification.

In the case that a verification callback is installed that tells the verifier to continue when a certificate is invalid (e.g. expired), any error resulting from the leaf certificate verification is not stored and made available post verification, resulting in an incorrect error being returned. Also perform leaf certificate verification prior to adding the chain, which avoids a potential memory leak (as noted by tb@). Issue reported by Ilya Shipitsin, who encountered haproxy regress failures. ok tb@; from jsing This is errata/7.2/001_x509.patch.sig

Diffstat (limited to 'src/regress')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: