projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fe2f8ae) | patch
Disallow certs with explicit curve in verification chain
authorTomas Mraz <tmraz@fedoraproject.org>
Fri, 11 Sep 2020 07:09:29 +0000 (09:09 +0200)
committerTomas Mraz <tmraz@fedoraproject.org>
Thu, 17 Sep 2020 15:15:15 +0000 (17:15 +0200)
commitcccf532fef10aaa2d682227061b8828a1eb2c031
treeeebff041321fc8ca671a21369395370e806175d2tree | snapshot
parentfe2f8aecfe4a0de483334bf671a8eb4f14444c00commit | diff
Disallow certs with explicit curve in verification chain

The check is applied only with X509_V_FLAG_X509_STRICT.

Fixes #12139

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12683)
16 files changed:
crypto/x509/x509_txt.c diff | blob | history
crypto/x509/x509_vfy.c diff | blob | history
include/openssl/x509_vfy.h.in diff | blob | history
ssl/statem/statem_lib.c diff | blob | history
test/certs/ca-cert-ec-explicit.pem [new file with mode: 0644] blob
test/certs/ca-cert-ec-named.pem [new file with mode: 0644] blob
test/certs/ca-key-ec-explicit.pem [new file with mode: 0644] blob
test/certs/ca-key-ec-named.pem [new file with mode: 0644] blob
test/certs/ee-cert-ec-explicit.pem [new file with mode: 0644] blob
test/certs/ee-cert-ec-named-explicit.pem [new file with mode: 0644] blob
test/certs/ee-cert-ec-named-named.pem [new file with mode: 0644] blob
test/certs/ee-key-ec-explicit.pem [new file with mode: 0644] blob
test/certs/ee-key-ec-named-explicit.pem [new file with mode: 0644] blob
test/certs/ee-key-ec-named-named.pem [new file with mode: 0644] blob
test/certs/setup.sh diff | blob | history
test/recipes/25-test_verify.t diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.