boringssl

History

David Benjamin 8f1e113a73 Ensure verify error is set when X509_verify_cert() fails. Set ctx->error = X509_V_ERR_OUT_OF_MEM when verification cannot continue due to malloc failure. Similarly for issuer lookup failures and caller errors (bad parameters or invalid state). Also, when X509_verify_cert() returns <= 0 make sure that the verification status does not remain X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns an error without setting an appropriate value of ctx->error. Add new and some missing error codes to X509 error -> SSL alert switch. (Imported from upstream's 5553a12735e11bc9aa28727afe721e7236788aab.) Change-Id: I3231a6b2e72a3914cb9316b8e90ebaee009a1c5f Reviewed-on: https://boringssl-review.googlesource.com/8170 Reviewed-by: David Benjamin <davidben@google.com>	2016-06-09 17:29:39 +00:00
..
openssl	Ensure verify error is set when X509_verify_cert() fails.	2016-06-09 17:29:39 +00:00

David Benjamin 8f1e113a73 Ensure verify error is set when X509_verify_cert() fails.

Set ctx->error = X509_V_ERR_OUT_OF_MEM when verification cannot
continue due to malloc failure.  Similarly for issuer lookup failures
and caller errors (bad parameters or invalid state).

Also, when X509_verify_cert() returns <= 0 make sure that the
verification status does not remain X509_V_OK, as a last resort set
it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns
an error without setting an appropriate value of ctx->error.

Add new and some missing error codes to X509 error -> SSL alert switch.

(Imported from upstream's 5553a12735e11bc9aa28727afe721e7236788aab.)

Change-Id: I3231a6b2e72a3914cb9316b8e90ebaee009a1c5f
Reviewed-on: https://boringssl-review.googlesource.com/8170
Reviewed-by: David Benjamin <davidben@google.com>

2016-06-09 17:29:39 +00:00

openssl

Ensure verify error is set when X509_verify_cert() fails.

2016-06-09 17:29:39 +00:00