projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c1c1bb7) | patch
Fix infinite verification loops due to has_san_id
authorTobias Nießen <tniessen@tnie.de>
Mon, 29 Nov 2021 03:41:20 +0000 (03:41 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 14 Dec 2021 13:48:34 +0000 (13:48 +0000)
commit6894e20b50c1204bfc990093b4e7ccd10f92865d
tree50f03ef32ce25ae155bedaa14ca59f877593b6f3tree | snapshot
parentc1c1bb7c5e2baa109baec62d2af09d24caae5557commit | diff
Fix infinite verification loops due to has_san_id

Where name constraints apply, X509_verify() would incorrectly report an
internal error in the event that a certificate has no SAN extension.

CVE-2021-4044

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
crypto/x509/x509_vfy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.