| author | beck <> | 2022-11-10 16:52:19 +0000 |
|---|---|---|
| committer | beck <> | 2022-11-10 16:52:19 +0000 |
| commit | 4e0f071b48262557d3d6a5179572b1af79ce8e08 (patch) | |
| tree | def88d90cd59c7335afd418e2515dab93c47c69a /src | |
| parent | b5ed53409142514956f60e6269d78efcaf41c191 (diff) | |
Allow explicit cert trusts or distrusts for EKU any
This matches the current OpenSSL behaviour introduced
in their commit:
commit 0daccd4dc1f1ac62181738a91714f35472e50f3c
Date: Thu Jan 28 03:01:45 2016 -0500
ok jsing@ tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_trs.c | 10 |
1 files changed, 6 insertions, 4 deletions
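--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.25 2021/11/01 20:53:08 tb Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.26 2022/11/10 16:52:19 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -322,7 +322,7 @@ static int
 obj_trust(int id, X509 *x, int flags)
 {
 ASN1_OBJECT *obj;
-int i;
+int i, nid;
 X509_CERT_AUX *ax;
 
 ax = x->aux;
@@ -331,14 +331,16 @@ obj_trust(int id, X509 *x, int flags)
 if (ax->reject) {
 for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
 obj = sk_ASN1_OBJECT_value(ax->reject, i);
-if (OBJ_obj2nid(obj) == id)
+nid = OBJ_obj2nid(obj);
+if (nid == id || nid == NID_anyExtendedKeyUsage)
 return X509_TRUST_REJECTED;
 }
 }
 if (ax->trust) {
 for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
 obj = sk_ASN1_OBJECT_value(ax->trust, i);
-if (OBJ_obj2nid(obj) == id)
+nid = OBJ_obj2nid(obj);
+if (nid == id || nid == NID_anyExtendedKeyUsage)
 return X509_TRUST_TRUSTED;
 }
 }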
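Review bot: Nothing in obj_trust() documents that an anyExtendedKeyUsage entry in x->aux now acts as a wildcard, so a certificate whose trust list already carries that OID becomes trusted for every `id` it is checked against, where before it matched none. A comment above the reject loop would record the rule and the precedence, e.g. `/* anyExtendedKeyUsage in reject or trust matches every id; reject is checked first and wins. */`. Both new comparisons ignore the `flags` argument, so the wildcard applies to every caller; since the callers are not in this diff, it is worth confirming that this is intended for each trust type that reaches this function. The lines between the two hunks and the end of the function are not shown, so the result when neither list matches cannot be checked from here.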
