artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d0e3041) | patch
Distinguish between self-issued certificates and self-signed certificates.
authorjsing <jsing@openbsd.org>
Thu, 22 Jun 2017 17:28:00 +0000 (17:28 +0000)
committerjsing <jsing@openbsd.org>
Thu, 22 Jun 2017 17:28:00 +0000 (17:28 +0000)
commitf675a65f9461f5c7535776900638276d4c7f6b3b
treedebd99d025925a05ec5763ebe1bbb205d5279dactree | snapshot
parentd0e30411106da747c8042fbfd4bdb3a1c43025f3commit | diff
Distinguish between self-issued certificates and self-signed certificates.
The certificate verification code has special cases for self-signed
certificates and without this change, self-issued certificates (which it
seems are common place with openvpn/easyrsa) were also being included in
this category.

Based on BoringSSL.

Thanks to Dale Ghent <daleg at elemental dot org> for assisting in
identifying the issue and testing this fix.

ok inoguchi@
lib/libcrypto/x509v3/v3_purp.c diff | blob | history
lib/libcrypto/x509v3/x509v3.h diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim