CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2024/07/12 09:53:51
Modified files:
lib/libcrypto/x509: x509_trs.c
Log message:
Clean up in X509_check_trust.
The XXX comment in here is now outdated. Our behaviour matches boringssl
in that passing in a 0 trust gets the default behavior, which is to
trust the certificate only if it has EKU any, or is self signed.
Remove the goofy unused nid argument to "trust_compat" and rename it to
what it really does, instead of some bizzare abstraction to something
simple so the code need not change if we ever change our mind on what
"compat" is for X.509, which will probably only happen when we are back
to identifying things by something more sensible like recognizable grunts
and smells.
ok jsing@
