From d4b1ba33374705b987816226c984bcb2c612819f Mon Sep 17 00:00:00 2001 From: tb Date: Sat, 24 Apr 2021 18:10:12 +0000 Subject: [PATCH] Enable the new verifier again so hopefully the remaining kinks get ironed out in this release cycles. discussed with deraadt and jsing --- lib/libcrypto/x509/x509_vpm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/libcrypto/x509/x509_vpm.c b/lib/libcrypto/x509/x509_vpm.c index 2907448d558..aaf0a57dcb5 100644 --- a/lib/libcrypto/x509/x509_vpm.c +++ b/lib/libcrypto/x509/x509_vpm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vpm.c,v 1.25 2021/04/15 14:15:03 tb Exp $ */ +/* $OpenBSD: x509_vpm.c,v 1.26 2021/04/24 18:10:12 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2004. */ @@ -178,7 +178,7 @@ x509_verify_param_zero(X509_VERIFY_PARAM *param) param->trust = 0; /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/ param->inh_flags = 0; - param->flags = X509_V_FLAG_LEGACY_VERIFY; + param->flags = 0; param->depth = -1; if (param->policies) { sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); -- 2.20.1