Re: OpenSSL 3.2.0: dane_tlsa_add(): tlsa_free() problem?

On Sat, Nov 25, 2023 at 01:47:13PM -0500, Viktor Dukhovni wrote:

> +                /*
> +                 * The Full(0) certificate decodes to a seemingly valid X.509
> +                 * object with a plausible key, so the TLSA record is well
> +                 * formed.  However, we don't actually need the certifiate for
> +                 * usages PKIX-EE(1) or DANE-EE(3), because at least the EE
> +                 * certificate is always presented by the peer.  We discard the
> +                 * certificate, and just use the TLSA data as an opaque blob
> +                 * for matching the raw presented DER octets.
> +                 *
> +                 * DO NOT FREE `t` here, it will be added to the TLSA record
> +                 * list below!
> +                 */
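
Review bot: "certifiate" in the fourth line of this comment ("we don't actually need the certifiate for") should read "certificate". The closing "DO NOT FREE `t` here" warning is useful; consider saying in that same sentence that the TLSA record list takes ownership of `t`, so the reason is clear without reading ahead to the list insertion.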

I've opened PRs against the "openssl-3.2" and "master" branches:

    https://github.com/openssl/openssl/pull/22820
    https://github.com/openssl/openssl/pull/22821

-- 
    Viktor.


