[openssl-users] OpenSSL 1.0.2d X509_verify_cert function does not work as used to with chain of certificates
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Nov 16 06:10:19 UTC 2015
> On Nov 16, 2015, at 12:14 AM, Jayalakshmi bhat <bhat.jayalakshmi at gmail.com> wrote:
>
> This is code snippet from OpenSSL 1.0.1c
>
> int X509_verify_cert(X509_STORE_CTX *ctx) {
>
> ....................
> ....................
> ....................
> /* The chain extensions are OK: check trust */
>
> if (param->trust > 0) ok = check_trust(ctx);
> }
>
> I am talking about "if (param->trust > 0)" that seems to removed in OpenSSL 1.0.2d.
Well this code was removed in 1.0.2d, rather the code in question was removed via
commit d65b8b2162f33ac0d53dace588a0847ed827626c
Author: Ben Laurie <ben at openssl.org>
Date: Fri Dec 14 12:53:53 2012 +0000
Backport OCSP fixes.
More than 2 years before the first OpenSSL 1.0.2 release:
commit 4ac0329582829f5378d8078c8d314ad37db87736
Author: Matt Caswell <matt at openssl.org>
Date: Thu Jan 22 16:12:26 2015 +0000
Prepare for 1.0.2 release
Reviewed-by: Stephen Henson <steve at openssl.org>
http://openssl.org/news/newslog.html
Date Item
09-Jul-2015 Security Advisory: one security fix
09-Jul-2015 OpenSSL 1.0.2d is now available, including bug and security fixes
09-Jul-2015 OpenSSL 1.0.1p is now available, including bug and security fixes
06-Jul-2015 OpenSSL 1.0.2d and 1.0.1p security releases due 9th July 2015
12-Jun-2015 New releases to resolve ABI compatibility problems:
12-Jun-2015 OpenSSL 1.0.2c is now available, including bug fixes
12-Jun-2015 OpenSSL 1.0.1o is now available, including bug fixes
11-Jun-2015 Security Advisory: five security fixes
11-Jun-2015 OpenSSL 1.0.2b is now available, including bug and security fixes
11-Jun-2015 OpenSSL 1.0.1n is now available, including bug and security fixes
11-Jun-2015 OpenSSL 1.0.0s is now available, including bug and security fixes
11-Jun-2015 OpenSSL 0.9.8zg is now available, including bug and security fixes
19-Mar-2015 Security Advisory: twelve security fixes
19-Mar-2015 OpenSSL 1.0.2a is now available, including bug and security fixes
19-Mar-2015 OpenSSL 1.0.1m is now available, including bug and security fixes
19-Mar-2015 OpenSSL 1.0.0r is now available, including bug and security fixes
19-Mar-2015 OpenSSL 0.9.8zf is now available, including bug and security fixes
22-Jan-2015 OpenSSL 1.0.2 is now available, a major release
You should probably explain what you're doing, and in what way OpenSSL 1.0.2
(all upstream versions) is not working the way you expect.
--
Viktor.
More information about the openssl-users
mailing list