]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 398c8da) | patch
Disallow certs with explicit curve in verification chain
authorTomas Mraz <tmraz@fedoraproject.org>
Fri, 11 Sep 2020 07:09:29 +0000 (09:09 +0200)
committerTomas Mraz <tmraz@fedoraproject.org>
Mon, 21 Sep 2020 08:32:59 +0000 (10:32 +0200)
commitfdcddd9357fcda1f0507fda0307d94e8244f2b51
treeab06a7e366ae8509d901ac1497df3d29158b5d13tree
parent398c8da5c8c3cf3369ac7e8883823e0c94735ca7commit | diff
Disallow certs with explicit curve in verification chain

The check is applied only with X509_V_FLAG_X509_STRICT.

Fixes #12139

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12909)
16 files changed:
crypto/x509/x509_txt.c diff | blob | blame | history
crypto/x509/x509_vfy.c diff | blob | blame | history
include/openssl/x509_vfy.h diff | blob | blame | history
ssl/statem/statem_lib.c diff | blob | blame | history
test/certs/ca-cert-ec-explicit.pem [new file with mode: 0644] blob
test/certs/ca-cert-ec-named.pem [new file with mode: 0644] blob
test/certs/ca-key-ec-explicit.pem [new file with mode: 0644] blob
test/certs/ca-key-ec-named.pem [new file with mode: 0644] blob
test/certs/ee-cert-ec-explicit.pem [new file with mode: 0644] blob
test/certs/ee-cert-ec-named-explicit.pem [new file with mode: 0644] blob
test/certs/ee-cert-ec-named-named.pem [new file with mode: 0644] blob
test/certs/ee-key-ec-explicit.pem [new file with mode: 0644] blob
test/certs/ee-key-ec-named-explicit.pem [new file with mode: 0644] blob
test/certs/ee-key-ec-named-named.pem [new file with mode: 0644] blob
test/certs/setup.sh diff | blob | blame | history
test/recipes/25-test_verify.t diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git