projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 338fb16) | patch
Fix proxy certificate pathlength verification
authorRichard Levitte <levitte@openssl.org>
Sun, 19 Jun 2016 08:55:29 +0000 (10:55 +0200)
committerRichard Levitte <levitte@openssl.org>
Wed, 29 Jun 2016 21:13:54 +0000 (23:13 +0200)
commit30aeb3128199c15760a785d88a4eda9e156d5af6
treea6ae3a92c2560ff086e1bf87f682ede135dea6c6tree | snapshot
parent338fb1688fbfb7efe0bdd475b01791a6de5ef94bcommit | diff
Fix proxy certificate pathlength verification

While travelling up the certificate chain, the internal
proxy_path_length must be updated with the pCPathLengthConstraint
value, or verification will not work properly.  This corresponds to
RFC 3820, 4.1.4 (a).

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/x509/x509_vfy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.