Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs
Even though we check the leaf cert to confirm it is valid, we later ignored the invalid flag and did not notice that the leaf cert was bad. Fixes: CVE-2023-0465 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #20588)
- Loading branch information
b013765
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
when if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) is true, set 1 to the variable cbcalled.