projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b3b1eb5) | patch
Fix alt chains bug
authorMatt Caswell <matt@openssl.org>
Tue, 23 Jun 2015 23:12:38 +0000 (00:12 +0100)
committerMatt Caswell <matt@openssl.org>
Tue, 7 Jul 2015 21:57:36 +0000 (22:57 +0100)
commitcb22d2ae5a5b6069dbf66dbcce07223ac15a16de
tree2c91a796e41734227d15b1a6afccb9f8f522c06etree | snapshot
parentb3b1eb5735c5b3d566a9fc3bf745bf716a29afa0commit | diff
Fix alt chains bug

This is a follow up to the alternate chains certificate forgery issue
(CVE-2015-1793). That issue is exacerbated in 1.0.1 by a related bug which
means that we *always* check for an alternative chain, even if we have
already found a chain. The code is supposed to stop as soon as it has found
one (and does do in master and 1.0.2).

Reviewed-by: Stephen Henson <steve@openssl.org>
crypto/x509/verify_extra_test.c diff | blob | history
crypto/x509/x509_vfy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.