git.ipfire.org Git - thirdparty/openssl.git/commit

author	Tommy Chiang <ototot@google.com>
	Sun, 25 Jan 2026 13:12:28 +0000 (21:12 +0800)
committer	Tomas Mraz <tomas@openssl.org>
	Tue, 3 Feb 2026 09:39:56 +0000 (10:39 +0100)
commit	59a62db65bd643ade3cbe1a2f74021c38ca9a2da
tree	7915e3d1d8e837ac29599648ac7411570673359f	tree \| snapshot
parent	3cef0d98aa9145bd5c9eda1cf39ae58b685d8742	commit \| diff

SSL_CONF_FLAG: Prevent setting both CMDLINE and FILE flags

The `SSL_CONF_CTX_set_flags` function did not prevent setting both
`SSL_CONF_FLAG_CMDLINE` and `SSL_CONF_FLAG_FILE` flags, which is an
invalid combination. This commit adds a check to prevent this and
updates the documentation to clarify that only one of these flags
can be set.

A new test case is also added to verify the correct behavior.

Fixes https://github.com/openssl/openssl/issues/15508

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Tue Feb 3 09:40:04 2026
(Merged from https://github.com/openssl/openssl/pull/29752)

doc/man3/SSL_CONF_CTX_set_flags.pod		diff \| blob \| blame \| history
ssl/ssl_conf.c		diff \| blob \| blame \| history
test/sslapitest.c		diff \| blob \| blame \| history