Build Update for openssl/openssl
-------------------------------------

Build: #3537
Status: Passed
Duration: 25 minutes and 14 seconds
Commit: 69664d6 (master)
Author: Viktor Dukhovni
Message: Future proof build_chain() in x509_vfy.c

Coverity reports a potential NULL deref when "2 0 0" DANE trust-anchors
from DNS are configured via SSL_dane_tlsa_add() and X509_STORE_CTX_init()
is called with a NULL stack of untrusted certificates.

Since ssl_verify_cert_chain() always provides a non-NULL stack of
untrusted certs, and no other code path enables DANE, the problem
can only happen in applications that use SSL_CTX_set_cert_verify_callback()
to implement their own wrappers around X509_verify_cert() passing
only the leaf certificate to the latter.

Regardless of the "improbability" of the problem, we do need to
ensure that build_chain() handles this case correctly.

Reviewed-by: Matt Caswell <[email protected]>

View the changeset: https://github.com/openssl/openssl/compare/4c5e6b2cb95a...69664d6af0cd

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/126186727
