Errored: openssl/openssl#36167 (master - 0b670a2)

Travis CI builds at travis-ci.com
Fri Jul 17 02:25:15 UTC 2020


Build Update for openssl/openssl
-------------------------------------

Build: #36167
Status: Errored

Duration: 1 hr, 29 mins, and 24 secs
Commit: 0b670a2 (master)
Author: Dr. David von Oheimb
Message: x509_vfy.c: Improve key usage checks in internal_verify() of cert chains

If a presumably self-signed cert is last in chain we verify its signature
only if X509_V_FLAG_CHECK_SS_SIGNATURE is set. Upon this request we do the
signature verification, but not in case it is a (non-conforming) self-issued
CA certificate with a key usage extension that does not include keyCertSign.

Make clear when we must verify the signature of a certificate
and when we must adhere to key usage restrictions of the 'issuing' cert.
Add some comments for making internal_verify() easier to understand.
Update the documentation of X509_V_FLAG_CHECK_SS_SIGNATURE accordingly.

Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12375)

View the changeset: https://github.com/openssl/openssl/compare/318565b73374...0b670a2101c6

View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175884109?utm_medium=notification&utm_source=email
