projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c822353) | patch
Fix proxy certificate pathlength verification
authorRichard Levitte <levitte@openssl.org>
Sun, 19 Jun 2016 08:55:29 +0000 (10:55 +0200)
committerRichard Levitte <levitte@openssl.org>
Mon, 20 Jun 2016 19:34:37 +0000 (21:34 +0200)
commited17c7c146a79100bfba5609c3889bddb14f74a2
treeb9b2af3e89173ef5010f1a753b0041e8c6cd5c20tree | snapshot
parentc8223538cb05e5aac6418a5ba6dc4775b7ab486bcommit | diff
Fix proxy certificate pathlength verification

While travelling up the certificate chain, the internal
proxy_path_length must be updated with the pCPathLengthConstraint
value, or verification will not work properly.  This corresponds to
RFC 3820, 4.1.4 (a).

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
crypto/x509/x509_vfy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.