CVSROOT: /cvs
Module name: src
Changes by: b...@cvs.openbsd.org 2018/04/06 01:08:20
Modified files:
lib/libcrypto/man: X509_VERIFY_PARAM_set_flags.3
lib/libcrypto/x509: vpm_int.h x509_vfy.c x509_vpm.c
Log message:
poison for X509_VERIFY_PARAM's
Tighten up checks for various X509_VERIFY_PARAM functions, and
allow for the verify param to be poisoned (preculding future
successful cert validation) if the setting of host, ip, or email
for certificate validation fails. (since many callers do not
check the return code in the wild and blunder along anyway)
Inspired by some discussions with Adam Langley.
ok jsing@
