From e8a3e3f85ade9cfdce5f7a232aec99fe37ac65d4 Mon Sep 17 00:00:00 2001
From: Theo Buehler <tb@openbsd.org>
Date: Thu, 25 May 2023 07:49:41 +0200
Subject: Fix urllib3 CN without SAN tests for LibreSSL 3.6

This is a port of a patch by Christian Heimes and fixes an issue flagged
by Quentin Pradet: https://bugs.python.org/issue43522
---
 patches/x509_vpm.c.patch | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 patches/x509_vpm.c.patch

(limited to 'patches')

diff --git a/patches/x509_vpm.c.patch b/patches/x509_vpm.c.patch
new file mode 100644
index 0000000..b0a3215
--- /dev/null
+++ b/patches/x509_vpm.c.patch
@@ -0,0 +1,21 @@
+--- crypto/x509/x509_vpm.c.orig	Thu May 25 07:41:58 2023
++++ crypto/x509/x509_vpm.c	Thu May 25 07:47:42 2023
+@@ -328,7 +328,9 @@ X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, con
+ 			return 0;
+ 	}
+ 
+-	/* Copy the host flags if and only if we're copying the host list */
++	if (test_x509_verify_param_copy_id(hostflags, 0))
++		dest->id->hostflags = id->hostflags;
++
+ 	if (test_x509_verify_param_copy_id(hosts, NULL)) {
+ 		if (dest->id->hosts) {
+ 			string_stack_free(dest->id->hosts);
+@@ -339,7 +341,6 @@ X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, con
+ 			    sk_deep_copy(id->hosts, strdup, str_free);
+ 			if (dest->id->hosts == NULL)
+ 				return 0;
+-			dest->id->hostflags = id->hostflags;
+ 		}
+ 	}
+ 
-- 
cgit v1.2.3-55-g6feb