CVSROOT: /cvs Module name: src Changes by: js...@cvs.openbsd.org 2020/09/26 09:44:06
Modified files: lib/libcrypto/x509: x509_verify.c Log message: Ensure leaf is set up on X509_STORE_CTX before verification. Previously the leaf certificate was only being set up on the X509_STORE_CTX after two verification steps were performed, however at least one of those steps could result in the verification callback being triggered and existing code breaking. Issue noticed by Raf Czlonka when attempting to connect to talk.google.com using profanity (which does not set SNI and ends up receiving an invalid certificate). ok beck@ deraadt@ tb@