artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 52f613d) | patch
Check AFI/SAFI before comparing them in X509v3_addr_is_canonical()
authortb <tb@openbsd.org>
Tue, 28 Dec 2021 20:44:56 +0000 (20:44 +0000)
committertb <tb@openbsd.org>
Tue, 28 Dec 2021 20:44:56 +0000 (20:44 +0000)
commitf8fec339cdfda39838207e997e4a3383198ae858
treee2f0d28ff13a48c6d8159741c74510f95d67e021tree | snapshot
parent52f613d08c032aee86f5b859c45212c243a50ef1commit | diff
Check AFI/SAFI before comparing them in X509v3_addr_is_canonical()

As mentioned in a previous commit, IPAddressFamily_cmp() can't really
check for trailing garbage in addressFamily->data. Since the path
validation and hence the X.509 validator call X509v3_addr_is_canonical(),
this deals with only partially validated data.

ok jsing
lib/libcrypto/x509/x509_addr.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim