Land #864,Fix urllib3 CN without SAN tests for LibreSSL 3.6

author: Brent Cook <busterb@gmail.com> 2023-05-25 22:19:42 -0500
committer: Brent Cook <busterb@gmail.com> 2023-05-25 22:19:42 -0500
commit: 6d284cfca1b78e3e2547e0a60883e54c312c923e (patch)
tree: b42c9905af5eb183d5e3a0ff7bd231357833acf3
parent: 7b75223af4fe1baffe4f97e7a690122c19e5a868 (diff)
parent: e8a3e3f85ade9cfdce5f7a232aec99fe37ac65d4 (diff)
download: portable-6d284cfca1b78e3e2547e0a60883e54c312c923e.tar.gz
portable-6d284cfca1b78e3e2547e0a60883e54c312c923e.tar.bz2
portable-6d284cfca1b78e3e2547e0a60883e54c312c923e.zip
2 files changed, 27 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 98cc5a0..483a679 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,12 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+3.6.3 - Stable release
+        * Bug fix
+          - Hostflags in the verify parameters would not propagate from an
+            SSL_CTX to newly created SSL.
 3.6.2 - Stable release
        * Security fix
diff --git a/patches/x509_vpm.c.patch b/patches/x509_vpm.c.patch
new file mode 100644
index 0000000..b0a3215
--- /dev/null
+++ b/patches/x509_vpm.c.patch
@@ -0,0 +1,21 @@
+--- crypto/x509/x509_vpm.c.orig Thu May 25 07:41:58 2023
+++ crypto/x509/x509_vpm.c      Thu May 25 07:47:42 2023
+@@ -328,7 +328,9 @@ X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, con
+                        return 0;
+        }
+ 
+-       /* Copy the host flags if and only if we're copying the host list */
+       if (test_x509_verify_param_copy_id(hostflags, 0))
+               dest->id->hostflags = id->hostflags;
+
+        if (test_x509_verify_param_copy_id(hosts, NULL)) {
+                if (dest->id->hosts) {
+                        string_stack_free(dest->id->hosts);
+@@ -339,7 +341,6 @@ X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, con
+                            sk_deep_copy(id->hosts, strdup, str_free);
+                        if (dest->id->hosts == NULL)
+                                return 0;
+-                       dest->id->hostflags = id->hostflags;
+                }
+        }
+
author	Brent Cook <busterb@gmail.com>	2023-05-25 22:19:42 -0500
committer	Brent Cook <busterb@gmail.com>	2023-05-25 22:19:42 -0500
commit	6d284cfca1b78e3e2547e0a60883e54c312c923e (patch)
tree	b42c9905af5eb183d5e3a0ff7bd231357833acf3
parent	7b75223af4fe1baffe4f97e7a690122c19e5a868 (diff)
parent	e8a3e3f85ade9cfdce5f7a232aec99fe37ac65d4 (diff)
download	portable-6d284cfca1b78e3e2547e0a60883e54c312c923e.tar.gz portable-6d284cfca1b78e3e2547e0a60883e54c312c923e.tar.bz2 portable-6d284cfca1b78e3e2547e0a60883e54c312c923e.zip

diff --git a/ChangeLog b/ChangeLog index 98cc5a0..483a679 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -28,6 +28,12 @@ history is also available from Git.
28		28
29	LibreSSL Portable Release Notes:	29	LibreSSL Portable Release Notes:
30		30
		31	3.6.3 - Stable release
		32
		33	* Bug fix
		34	- Hostflags in the verify parameters would not propagate from an
		35	SSL_CTX to newly created SSL.
		36
31	3.6.2 - Stable release	37	3.6.2 - Stable release
32		38
33	* Security fix	39	* Security fix


diff --git a/patches/x509_vpm.c.patch b/patches/x509_vpm.c.patch new file mode 100644 index 0000000..b0a3215 --- /dev/null +++ b/patches/x509_vpm.c.patch
@@ -0,0 +1,21 @@
		1	--- crypto/x509/x509_vpm.c.orig Thu May 25 07:41:58 2023
		2	+++ crypto/x509/x509_vpm.c Thu May 25 07:47:42 2023
		3	@@ -328,7 +328,9 @@ X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, con
		4	return 0;
		5	}
		6
		7	- /* Copy the host flags if and only if we're copying the host list */
		8	+ if (test_x509_verify_param_copy_id(hostflags, 0))
		9	+ dest->id->hostflags = id->hostflags;
		10	+
		11	if (test_x509_verify_param_copy_id(hosts, NULL)) {
		12	if (dest->id->hosts) {
		13	string_stack_free(dest->id->hosts);
		14	@@ -339,7 +341,6 @@ X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, con
		15	sk_deep_copy(id->hosts, strdup, str_free);
		16	if (dest->id->hosts == NULL)
		17	return 0;
		18	- dest->id->hostflags = id->hostflags;
		19	}
		20	}
		21