projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d18c7ad) | patch
Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued()
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>
Tue, 24 Dec 2019 10:25:15 +0000 (11:25 +0100)
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>
Wed, 1 Jul 2020 09:14:54 +0000 (11:14 +0200)
commit0e7b1383e138ce3fa66c5bd0ea4a9cb35487436c
tree9ddb274339a9a7da79ba23c1c85af72e57ef6dc8tree | snapshot
parentd18c7ad66aaaebe10c86127d966f5401bc414d2acommit | diff
Fix issue 1418 by moving check of KU_KEY_CERT_SIGN and weakening check_issued()

Move check that cert signing is allowed from x509v3_cache_extensions() to
where it belongs: internal_verify(), generalize it for proxy cert signing.
Correct and simplify check_issued(), now checking self-issued (not: self-signed).
Add test case to 25-test_verify.t that demonstrates successful fix

Fixes #1418

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10587)
crypto/x509/v3_purp.c diff | blob | history
crypto/x509/x509_vfy.c diff | blob | history
doc/man1/openssl.pod diff | blob | history
doc/man3/X509_STORE_set_verify_cb_func.pod diff | blob | history
doc/man3/X509_check_issued.pod diff | blob | history
test/certs/ee-self-signed.pem [new file with mode: 0644] blob
test/certs/setup.sh diff | blob | history
test/recipes/25-test_verify.t diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.