Errored: openssl/openssl#36167 (master - 0b670a2)

Travis CI builds at
Fri Jul 17 02:25:15 UTC 2020

Build Update for openssl/openssl

Build: #36167
Status: Errored

Duration: 1 hr, 29 mins, and 24 secs
Commit: 0b670a2 (master)
Author: Dr. David von Oheimb
Message: x509_vfy.c: Improve key usage checks in internal_verify() of cert chains

If a presumably self-signed cert is last in chain we verify its signature
only if X509_V_FLAG_CHECK_SS_SIGNATURE is set. Upon this request we do the
signature verification, but not in case it is a (non-conforming) self-issued
CA certificate with a key usage extension that does not include keyCertSign.

Make clear when we must verify the signature of a certificate
and when we must adhere to key usage restrictions of the 'issuing' cert.
Add some comments for making internal_verify() easier to understand.
Update the documentation of X509_V_FLAG_CHECK_SS_SIGNATURE accordingly.

Reviewed-by: Tomas Mraz <tmraz at>
(Merged from

View the changeset:

View the full build log and details:


You can unsubscribe from build emails from the openssl/openssl repository going to
Or unsubscribe from *all* email updating your settings at
Or configure specific recipients for build notifications in your .travis.yml file. See

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-commits mailing list