Perform manual validity checking of the X.509 certificate for constraints. - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	jsing <jsing@openbsd.org>	2019-01-21 08:38:22 +0000
committer	jsing <jsing@openbsd.org>	2019-01-21 08:38:22 +0000
commit	205dc5ecac799b635d7218b3b4954268e3534b79 (patch)
tree	e4c95bb27dfd8942b00fbbffc03034922e2f9f67 /lib/libssl/tls13_lib.c
parent	Zap unused ntop_buf (diff)
download	wireguard-openbsd-205dc5ecac799b635d7218b3b4954268e3534b79.tar.xz wireguard-openbsd-205dc5ecac799b635d7218b3b4954268e3534b79.zip

Perform manual validity checking of the X.509 certificate for constraints.

Given that we're getting a constraint so that we can validate time, if our own time is out we can fail the automatic validity checking since it is based on the wallclock. Instead, disable the automatic validity checking and perform manual checks based on the time reported from the server via the HTTP header. Discussed at length with and ok deraadt@

Diffstat (limited to 'lib/libssl/tls13_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: