artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a904d29) | patch
Reject setting invalid versions for certs, CRLs and CSRs
authortb <tb@openbsd.org>
Tue, 26 Mar 2024 11:09:37 +0000 (11:09 +0000)
committertb <tb@openbsd.org>
Tue, 26 Mar 2024 11:09:37 +0000 (11:09 +0000)
commitca68b301c7505e89918ca84314f26f74fdf649fa
tree7d24e345042e5c899bd245bf43cc1330c2cd584ftree | snapshot
parenta904d29fcc66f527ee7991676fa5795a6b9398e7commit | diff
Reject setting invalid versions for certs, CRLs and CSRs

The toolkit aspect bites again. Lots of invalid CRLs and CSRs are produced
because people neither read the RFCs nor does the toolkit check anything it
is fed. Reviewers apparently also aren't capable of remembering that they
have three copy-pasted versions of the same API and that adding a version
check to one of the might suggest adding one for the other two.

This requires ruby-openssl 20240326p0 to pass

ok beck job jsing
lib/libcrypto/x509/x509_set.c diff | blob | history
lib/libcrypto/x509/x509cset.c diff | blob | history
lib/libcrypto/x509/x509rset.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim