CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/05/04 07:52:39
Modified files:
regress/lib/libcrypto/x509: callback.c verify.c
Log message:
libcrypto: extend verify and callback regress
Add three more test variants for scenario 2a:
1) verify that a chain of length 3 validates with depth 2.
2) verify that a chain of length 3 fails to validate with depth 1.
3) verify that a chain of length 3 validates with depth 1 if we
allow the callback to override the depth.
Variant 3) fails in -current and reproduces a scenario reported
by kirill.
Also add two test variants for the scenarios in 14:
4): run the chain of length 32 with a yolo callback returning 1
5): run the chain of length 33 with a yolo callback returning 1
Test 5) fails because we currently bail out at the wrong depth.
The verify callback should allow overriding the failure and will
then hit the bounds check added in x509_verify.c r1.74 to avoid
an overwrite.
Reuse the existing test cases 2a and 14a/14b for this and add an
optional vct->desc that uniquely identifies the test case.
incorporates various feedback from jsing
