]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a4e7264) | patch
Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs
authorMatt Caswell <matt@openssl.org>
Tue, 7 Mar 2023 16:52:55 +0000 (16:52 +0000)
committerTomas Mraz <tomas@openssl.org>
Tue, 28 Mar 2023 11:31:38 +0000 (13:31 +0200)
commite4142ec43bcc08ffdb090580e24c24a7da302a32
tree6a3c4c9706334d6787717daca755e47927cb4085tree
parenta4e726428608e352283d745cb0716248d29ecf26commit | diff
Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs

Even though we check the leaf cert to confirm it is valid, we
later ignored the invalid flag and did not notice that the leaf
cert was bad.

Fixes: CVE-2023-0465
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20585)
crypto/x509/x509_vfy.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git