Errored: openssl/openssl#36167 (master - 0b670a2)
builds at travis-ci.com
Fri Jul 17 02:25:15 UTC 2020
Build Update for openssl/openssl
Duration: 1 hr, 29 mins, and 24 secs
Commit: 0b670a2 (master)
Author: Dr. David von Oheimb
Message: x509_vfy.c: Improve key usage checks in internal_verify() of cert chains
If a presumably self-signed cert is last in chain we verify its signature
only if X509_V_FLAG_CHECK_SS_SIGNATURE is set. Upon this request we do the
signature verification, but not in case it is a (non-conforming) self-issued
CA certificate with a key usage extension that does not include keyCertSign.
Make clear when we must verify the signature of a certificate
and when we must adhere to key usage restrictions of the 'issuing' cert.
Add some comments for making internal_verify() easier to understand.
Update the documentation of X509_V_FLAG_CHECK_SS_SIGNATURE accordingly.
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12375)
View the changeset: https://github.com/openssl/openssl/compare/318565b73374...0b670a2101c6
View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/175884109?utm_medium=notification&utm_source=email
You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-commits