]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ce6902e) | patch
Add a TLS test for name constraints with an EE cert without a SAN
authorMatt Caswell <matt@openssl.org>
Fri, 3 Dec 2021 15:18:27 +0000 (15:18 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 14 Dec 2021 14:28:45 +0000 (14:28 +0000)
commit26ac3f630a4be31deb4d4dee7f988fe3dabbe887
treede6eaf5ac8a7f53f2bf4bb845db1007c1a96e365tree
parentce6902e5823aa7e85ef19712c6f925eb7ad27df9commit | diff
Add a TLS test for name constraints with an EE cert without a SAN

It is valid for name constraints to be in force but for there to be no
SAN extension in a certificate. Previous versions of OpenSSL mishandled
this.

Test for CVE-2021-4044

Reviewed-by: Tomas Mraz <tomas@openssl.org>
test/certs/goodcn2-chain.pem [new file with mode: 0644] blob
test/ssl-tests/01-simple.cnf diff | blob | blame | history
test/ssl-tests/01-simple.cnf.in diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git