SSL_check_chain() broken

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

It looks as though SSL_check_chain() use within the cert_cb (as recommended) was broken by PR 7257.

PR 7257 moves setting the shared_sigalgs to after the cert_cb takes place, but deep down in the call stack, SSL_check_chain() has a dependency on shared_sigalgs being set.

In 1.1.1, the following works, using SSL_check_chain() in the cert_cb. But it fails in 1.1.1a:

apps/openssl s_server -xcert apps/server.pem -xkey apps/server.pem -nocert

Is there harm in setting the shared_sigalgs before cert_cb and resetting them if SSL_set_SSL_CTX() is called? Basically what PR 7256 tried to do?

I opened issue 9099.
--
-Todd Short
// “One if by land, two if by sea, threeif by the Internet."

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux