CVSROOT: /cvs
Module name: src
Changes by: js...@cvs.openbsd.org 2020/09/26 09:44:06
Modified files:
lib/libcrypto/x509: x509_verify.c
Log message:
Ensure leaf is set up on X509_STORE_CTX before verification.
Previously the leaf certificate was only being set up on the X509_STORE_CTX
after two verification steps were performed, however at least one of those
steps could result in the verification callback being triggered and
existing code breaking.
Issue noticed by Raf Czlonka when attempting to connect to talk.google.com
using profanity (which does not set SNI and ends up receiving an invalid
certificate).
ok beck@ deraadt@ tb@
