CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2022/10/20 03:45:18

Modified files:
    lib/libcrypto/x509: Tag: OPENBSD_7_2
        x509_verify.c

Log message:
Store errors that result from leaf certificate verification.

In the case that a verification callback is installed that tells the verifier to continue when a certificate is invalid (e.g. expired), any error resulting from the leaf certificate verification is not stored and made available post verification, resulting in an incorrect error being returned.

Also perform leaf certificate verification prior to adding the chain, which avoids a potential memory leak (as noted by tb@).

Issue reported by Ilya Shipitsin, who encountered haproxy regress failures.

ok tb@; from jsing

This is errata/7.2/001_x509.patch.sig