]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 26576cf) | patch
Fix proxy certificate pathlength verification
authorRichard Levitte <levitte@openssl.org>
Sun, 19 Jun 2016 08:55:29 +0000 (10:55 +0200)
committerRichard Levitte <levitte@openssl.org>
Wed, 29 Jun 2016 23:00:26 +0000 (01:00 +0200)
commitf7c95287b602191a971c1cec9427029b453a68e8
treefcf6485ad08fe012405d51a2c8039eabc25111d0tree | snapshot
parent26576cf9cea7841c9abb54e0609cdf09d3f4c663commit | diff
Fix proxy certificate pathlength verification

While travelling up the certificate chain, the internal
proxy_path_length must be updated with the pCPathLengthConstraint
value, or verification will not work properly.  This corresponds to
RFC 3820, 4.1.4 (a).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 30aeb3128199c15760a785d88a4eda9e156d5af6)
crypto/x509/x509_vfy.c diff | blob | blame | history
A mirror of the official openssl repository