artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 37b24cc) | patch
Move leaf certificate checks to the last thing after chain validation.
authorbeck <beck@openbsd.org>
Sat, 25 Jun 2022 20:01:43 +0000 (20:01 +0000)
committerbeck <beck@openbsd.org>
Sat, 25 Jun 2022 20:01:43 +0000 (20:01 +0000)
commitb86449360131e7cf5619594bfd0c5744b09b604f
treea52eb56e83c71476dcc7ac3e1c31e73aff3673b5tree | snapshot
parent37b24cc91e85284c1484402ab90e8be340177109commit | diff
Move leaf certificate checks to the last thing after chain validation.

While seemingly illogical and not what is done in Go's validator, this
mimics OpenSSL's behavior so that callback overrides for the expiry of
a certificate will not "sticky" override a failure to build a chain.

ok jsing@
lib/libcrypto/x509/x509_verify.c diff | blob | history
regress/lib/libcrypto/x509/Makefile diff | blob | history
regress/lib/libcrypto/x509/expirecallback.c [new file with mode: 0644] blob
OpenBSD src
by Ahmet Artu Yildirim