]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3269c8b) | patch
Add a TLS test for name constraints with an EE cert without a SAN
authorMatt Caswell <matt@openssl.org>
Fri, 3 Dec 2021 15:18:27 +0000 (15:18 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 14 Dec 2021 13:48:34 +0000 (13:48 +0000)
commit752aa4a6f0f3098258fb6be5592fd18929da59c0
treef2f928d76e672f337fc81798046b4596e3d7f80btree
parent3269c8bd9489cf9b03abceab5dee24f831a5e492commit | diff
Add a TLS test for name constraints with an EE cert without a SAN

It is valid for name constraints to be in force but for there to be no
SAN extension in a certificate. Previous versions of OpenSSL mishandled
this.

Test for CVE-2021-4044

Reviewed-by: Tomas Mraz <tomas@openssl.org>
test/certs/goodcn2-chain.pem [new file with mode: 0644] blob
test/ssl-tests/01-simple.cnf diff | blob | blame | history
test/ssl-tests/01-simple.cnf.in diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git