]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 650fe84) | patch
Fix PKINIT CMS error checking for older OpenSSL 1281/head
authorGreg Hudson <ghudson@mit.edu>
Tue, 13 Dec 2022 18:15:28 +0000 (13:15 -0500)
committerGreg Hudson <ghudson@mit.edu>
Fri, 13 Jan 2023 18:23:27 +0000 (13:23 -0500)
commite48e2e56a05a47fd932a941ac82c1131ceed47d0
treeb6af8d00853490c16ac610f79693786eb8537420tree
parent650fe8423a47c52b4b347b47cb41259e04e90092commit | diff
Fix PKINIT CMS error checking for older OpenSSL

Commit 70f61d417261ca17efe3d60d180033bea2da60b0 updated the
CMS_verify() error code checks, using two error codes new to OpenSSL
3.0 (RSA_R_DIGEST_NOT_ALLOWED and CMS_R_UNKNOWN_DIGEST_ALGORITHM).
This change broke the build for OpenSSL 1.0 and 1.1.

Instead of looking for codes indicating an algorithm issue and
assuming that everything else is an invalid signature, check for the
code indicating an invalid signature and assume that everything else
is an algorithm issue.

ticket: 9069
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git