CVSROOT: /cvs
Module name: src
Changes by: js...@cvs.openbsd.org 2020/09/23 12:20:16
Modified files:
lib/libcrypto/x509: x509_verify.c
Log message:
Ensure chain is set on the X509_STORE_CTX before triggering callback.
Various software expects the previous behaviour where the certificate chain
is available on the X509_STORE_CTX when the verify callback is triggered.
Issue hit by bket@ with lastpass-cli which has built in certificate
pinning that is checked via the verify callback.
Fix confirmed by bket@.
ok beck@
