artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cb7cbc0) | patch
Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack.
authorjsing <jsing@openbsd.org>
Sun, 26 Dec 2021 14:59:52 +0000 (14:59 +0000)
committerjsing <jsing@openbsd.org>
Sun, 26 Dec 2021 14:59:52 +0000 (14:59 +0000)
commita1543fdeacfc5931a678090a5173b5e20d110ea4
treea223386a486ade06a168c4d2840f3642a3a42e07tree | snapshot
parentcb7cbc099fbeda54ad48fadb7a6754b5666b3cf2commit | diff
Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack.

Due to a wonderful API inconsistency, a client includes the peer's leaf
certificate in the stored certificate chain, while a server does not.

Found due to a haproxy test failure reported by Ilya Shipitsin.

ok tb@
lib/libssl/tls13_server.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim