projects / libdcp.git / commitdiff
(parent: 4e6637f)
Reject certificate chains where the adjacent certificates have the same subject.
author Carl Hetherington <cth@carlh.net> Wed, 26 Jun 2019 14:54:09 +0000 (15:54 +0100)
committer Carl Hetherington <cth@carlh.net> Tue, 1 Oct 2019 20:18:12 +0000 (22:18 +0200)
This is a backport of 31f31800705880da6ec185f9b31c7e125ae18c38 from master.
src/certificate_chain.cc
diff --git
a/src/certificate_chain.cc
b/src/certificate_chain.cc
index 614144366b1864bb79b4d744a9ded8b191730746..0d99d1c920a28083c4bcf748fe3d3dbe822928a6 100644
(file)
--- a/
src/certificate_chain.cc
+++ b/
src/certificate_chain.cc
@@
-464,10
+464,11
@@
CertificateChain::chain_valid (List const & chain) const
return false;
}
- /* I don't know why OpenSSL doesn't check this in verify_cert, but without this check
- the certificates_validation8 test fails.
+ /* I don't know why OpenSSL doesn't check this stuff
+ in verify_cert, but without these checks the
+ certificates_validation8 test fails.
*/
- if (j->issuer() != i->subject()) {
+ if (j->issuer() != i->subject()
|| j->subject() == i->subject()
) {
X509_STORE_free (store);
return false;
}
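Review bot: the rewritten comment above the `if` says only "this stuff" and "these checks", so it does not tell a reader what the added `j->subject() == i->subject()` clause guards against. Name both conditions there: each certificate's issuer must equal the previous certificate's subject, and adjacent certificates must not share a subject. The new clause compares only the adjacent pair `i` and `j`, which matches the commit title; if a subject repeated further apart in the chain should also be rejected, that needs a separate check. This diff touches only src/certificate_chain.cc, so it would help to state whether certificates_validation8 already exercises the same-subject case or to add a test for it.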