[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Richard Levitte
levitte at openssl.org
Wed Aug 3 14:15:28 UTC 2016
The branch OpenSSL_1_0_2-stable has been updated
via 1228ae7738e1ad2189a04ab4ca2dc5a317d1a29c (commit)
from 436dead2e2a157fa501a7538a77b6078391b477f (commit)
- Log -----------------------------------------------------------------
commit 1228ae7738e1ad2189a04ab4ca2dc5a317d1a29c
Author: Richard Levitte <levitte at openssl.org>
Date: Wed Aug 3 16:02:20 2016 +0200
Don't check any revocation info on proxy certificates
Because proxy certificates typically come without any CRL information,
trying to check revocation on them will fail. Better not to try
checking such information for them at all.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(cherry picked from commit 790555d6756285b3ec18e3efbb195cf33f217d8f)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x509_vfy.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index ade5985..8334b3f 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -992,6 +992,8 @@ static int check_cert(X509_STORE_CTX *ctx)
ctx->current_issuer = NULL;
ctx->current_crl_score = 0;
ctx->current_reasons = 0;
+ if (x->ex_flags & EXFLAG_PROXY)
+ return 1;
while (ctx->current_reasons != CRLDP_ALL_REASONS) {
last_reasons = ctx->current_reasons;
/* Try to retrieve relevant CRL */
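Review bot: the new early return `if (x->ex_flags & EXFLAG_PROXY) return 1;` in check_cert() carries no comment, and it returns the same success value a certificate gets after passing the CRL loop below it, so a reader of the code (or a caller) cannot tell "revocation deliberately skipped" from "revocation checked and clean". Please add a short comment above the test giving the reason stated in the commit message (proxy certificates typically come without CRL information), and note that revocation of a proxy certificate is not evaluated here at all when CRL checking is enabled. The diffstat lists only crypto/x509/x509_vfy.c with 2 insertions, so this behaviour change is not reflected in any documentation or test in this commit; a line in the verification docs and a test case with a proxy certificate in the chain would make the exemption explicit.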