CVSROOT: /cvs Module name: src Changes by: b...@cvs.openbsd.org 2018/04/06 01:08:20
Modified files: lib/libcrypto/man: X509_VERIFY_PARAM_set_flags.3 lib/libcrypto/x509: vpm_int.h x509_vfy.c x509_vpm.c Log message: poison for X509_VERIFY_PARAM's Tighten up checks for various X509_VERIFY_PARAM functions, and allow for the verify param to be poisoned (preculding future successful cert validation) if the setting of host, ip, or email for certificate validation fails. (since many callers do not check the return code in the wild and blunder along anyway) Inspired by some discussions with Adam Langley. ok jsing@