From 0d844d36d75e18df22141637bb3bee5b0cdfb6df Mon Sep 17 00:00:00 2001
From: tb
Date: Thu, 15 Apr 2021 14:15:03 +0000
Subject: [PATCH] Switch back to the legacy verifier for the release. This is disappointing as a lot of work was put into the new verifier during this cycle. However, there are still too many known bugs and incompatibilities. It is better to be faced with known broken behavior than with new broken behavior and to switch now rather than via errata. This way we have another cycle to iron out the kinks and to fix some of the remaining bugs. ok jsing
---
 lib/libcrypto/x509/x509_vpm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/libcrypto/x509/x509_vpm.c b/lib/libcrypto/x509/x509_vpm.c
index 5133a82b0bf..2907448d558 100644
--- a/lib/libcrypto/x509/x509_vpm.c
+++ b/lib/libcrypto/x509/x509_vpm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vpm.c,v 1.24 2021/04/05 07:02:50 tb Exp $ */
+/* $OpenBSD: x509_vpm.c,v 1.25 2021/04/15 14:15:03 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
@@ -178,7 +178,7 @@ x509_verify_param_zero(X509_VERIFY_PARAM *param)
 param->trust = 0;
 /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
 param->inh_flags = 0;
- param->flags = 0;
+ param->flags = X509_V_FLAG_LEGACY_VERIFY;
 param->depth = -1;
 if (param->policies) {
 sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
-- 
2.20.1
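Review bot: The new default on `param->flags` in x509_verify_param_zero() carries no comment, so a reader sees a "zero" helper that leaves a non-zero flag, with no hint that this bit selects which certificate-chain verifier runs. A short comment on that line would record the intent, for example `/* Default to the legacy verifier for this release; revisit next cycle. */`. It is also worth checking code outside this hunk that assigns or clears `flags` directly (for instance a flag-reset path during parameter inheritance, if one exists), since writing 0 there would presumably drop X509_V_FLAG_LEGACY_VERIFY and leave some contexts on a different verifier than others. The function body starts and ends outside the hunk, so this is based only on the lines shown.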