sync with OpenBSD -current

This commit is contained in:
purplerain 2024-04-10 21:48:14 +00:00
parent fe31ca4724
commit 2d743fc5aa
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
189 changed files with 3737 additions and 1337 deletions

View file

@ -1,4 +1,4 @@
/* $OpenBSD: x509_purp.c,v 1.40 2024/04/08 23:46:21 beck Exp $ */
/* $OpenBSD: x509_purp.c,v 1.41 2024/04/09 15:00:44 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2001.
*/
@ -398,6 +398,13 @@ x509v3_cache_extensions_internal(X509 *x)
if (x->ex_flags & EXFLAG_SET)
return;
/*
* XXX - this should really only set EXFLAG_INVALID if extensions are
* invalid. However, the X509_digest() failure matches OpenSSL/BoringSSL
* behavior and the version checks are at least vaguely related to
* extensions.
*/
if (!X509_digest(x, X509_CERT_HASH_EVP, x->hash, NULL))
x->ex_flags |= EXFLAG_INVALID;