git.ipfire.org Git - thirdparty/openssl.git/commit

]> git.ipfire.org Git - thirdparty/openssl.git/commit

projects / thirdparty / openssl.git / commit

author	Matt Caswell <matt@openssl.org>
	Fri, 3 Dec 2021 15:18:27 +0000 (15:18 +0000)
committer	Matt Caswell <matt@openssl.org>
	Tue, 14 Dec 2021 13:48:34 +0000 (13:48 +0000)
commit	752aa4a6f0f3098258fb6be5592fd18929da59c0
tree	f2f928d76e672f337fc81798046b4596e3d7f80b	tree \| snapshot
parent	3269c8bd9489cf9b03abceab5dee24f831a5e492	commit \| diff

Add a TLS test for name constraints with an EE cert without a SAN

It is valid for name constraints to be in force but for there to be no
SAN extension in a certificate. Previous versions of OpenSSL mishandled
this.

Test for CVE-2021-4044

Reviewed-by: Tomas Mraz <tomas@openssl.org>

test/certs/goodcn2-chain.pem	[new file with mode: 0644]	blob
test/ssl-tests/01-simple.cnf		diff \| blob \| blame \| history
test/ssl-tests/01-simple.cnf.in		diff \| blob \| blame \| history

Mirror of https://github.com/openssl/openssl.git

RSS Atom