CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2023/06/01 01:29:15
Modified files:
lib/libtls : tls_verify.c
Log message:
Check for X509_get_ext_d2i() failure
X509_get_ext_d2i() (or rather X509V3_get_d2i()) can return NULL for
various reasons. If it fails because the extension wasn't found, it
sets *crit = -1. In any other case, e.g., the cert is bad or we ran
out of memory in X509V3_EXT_d2i(), crit is set to something else, so
we should actually error.
ok jsing
