diff options
| author |   beck <beck@openbsd.org> | 2018-04-06 07:08:20 +0000 |
|---|---|---|
| committer | beck <beck@openbsd.org> | 2018-04-06 07:08:20 +0000 |
| commit | 2a5239c0307d34772965b9910f5b853cf88ff9ab (patch) | |
| tree | e548a6df3ef5f070afe7bfe3dd2ab1363cfac978 /lib/libcrypto/x509/vpm_int.h | |
| parent | Add test for username options parsing order, prompted by bz#2849. (diff) | |
| download | wireguard-openbsd-2a5239c0307d34772965b9910f5b853cf88ff9ab.tar.xz wireguard-openbsd-2a5239c0307d34772965b9910f5b853cf88ff9ab.zip | |
poison for X509_VERIFY_PARAM's
Tighten up checks for various X509_VERIFY_PARAM functions, and
allow for the verify param to be poisoned (preculding future
successful cert validation) if the setting of host, ip, or email
for certificate validation fails. (since many callers do not
check the return code in the wild and blunder along anyway)
Inspired by some discussions with Adam Langley.
ok jsing@
Diffstat (limited to 'lib/libcrypto/x509/vpm_int.h')
| -rw-r--r-- | lib/libcrypto/x509/vpm_int.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/libcrypto/x509/vpm_int.h b/lib/libcrypto/x509/vpm_int.h index 6c8061c8472..7fc9fef761b 100644 --- a/lib/libcrypto/x509/vpm_int.h +++ b/lib/libcrypto/x509/vpm_int.h @@ -1,4 +1,4 @@ -/* $OpenBSD: vpm_int.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */ +/* $OpenBSD: vpm_int.h,v 1.4 2018/04/06 07:08:20 beck Exp $ */ /* * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project * 2013. @@ -69,6 +69,7 @@ struct X509_VERIFY_PARAM_ID_st { size_t emaillen; unsigned char *ip; /* If not NULL IP address to match */ size_t iplen; /* Length of IP address */ + int poisoned; }; __END_HIDDEN_DECLS |