Viktor Dukhovni:
> The OpenSSL PEM file parser already ignores content outside of
> BEGIN/END boundaries, so the minimal patch to silently ignore
> unexpected PEM data would be:
>
> --- src/tls/tls_certkey.c
> +++ src/tls/tls_certkey.c
> @@ -412,9 +412,6 @@ static int
> "Wietse" == Wietse Venema writes:
Wietse> John Stoffel:
>> > "Viktor" == Viktor Dukhovni writes:
>>
Viktor> On a mostly unrelated note, OpenSSL 3.0 (~Q4 2020) is changing the
Viktor> error API, so we'll eventually need:
>>
Viktor> --- src/tls/tls_misc.c
Viktor> +++
John Stoffel:
> > "Viktor" == Viktor Dukhovni writes:
>
> Viktor> On a mostly unrelated note, OpenSSL 3.0 (~Q4 2020) is changing the
> Viktor> error API, so we'll eventually need:
>
> Viktor> --- src/tls/tls_misc.c
> Viktor> +++ src/tls/tls_misc.c
> Viktor> @@ -1332,6 +1332,18 @@ void
> "Viktor" == Viktor Dukhovni writes:
Viktor> On a mostly unrelated note, OpenSSL 3.0 (~Q4 2020) is changing the
Viktor> error API, so we'll eventually need:
Viktor> --- src/tls/tls_misc.c
Viktor> +++ src/tls/tls_misc.c
Viktor> @@ -1332,6 +1332,18 @@ voidtls_print_errors(void)
Viktor>
On Sat, Nov 09, 2019 at 08:07:51AM -0500, Wietse Venema wrote:
> What other examples of known-harmless content can people expect to
> see? Should the list be configurable? If all these blobs embedded
> between lines
>
> -----BEGIN TYPE OF OBJECT-----
>
> -----END TYPE OF OBJECT-----
>
> then it
Viktor Dukhovni:
> On Fri, Nov 08, 2019 at 10:03:55PM +0100, Moviuro wrote:
>
> > Hi all,
> >
> > # ecc.key is: (note the EC PARAMETERS object)
> > -----BEGIN EC PARAMETERS-----
> > ...
> > -----END EC PARAMETERS-----
> > -----BEGIN EC PRIVATE KEY-----
> > ...
> > -----END EC PRIVATE KEY-----