[openssl/openssl] b6f107: Fix strict client chain check with TLS-1.3

Tomas Mraz noreply at reply.github.openssl.org
Fri Jun 3 13:52:12 UTC 2022

  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: b6f107088cc6f054fac5d0b563dec6fdfaa5a161
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2022-06-03 (Fri, 03 Jun 2022)

  Changed paths:
    M ssl/t1_lib.c

  Log Message:
  Fix strict client chain check with TLS-1.3

When TLS-1.3 is used and the server does not send any CA names
the ca_dn will be NULL. sk_X509_NAME_num() returns -1 on null

Reviewed-by: Todd Short <todd.short at me.com>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17986)

(cherry picked from commit 89dd85430770d39cbfb15eb586c921958ca7687f)

More information about the openssl-commits mailing list