[GNUnet-SVN] [gnurl] 251/254: libressl: OCSP and intermediate certs work
From: gnunet
Subject: [GNUnet-SVN] [gnurl] 251/254: libressl: OCSP and intermediate certs workaround no longer needed
Date: Sat, 17 Jun 2017 16:54:43 +0200
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.54.1
in repository gnurl.
commit 9f54ad8f15172d52cc0df9de8b65887c13a54a90
Author: Stuart Henderson <address@hidden>
AuthorDate: Tue Jun 13 12:06:03 2017 +0200
libressl: OCSP and intermediate certs workaround no longer needed
lib/vtls/openssl.c has a workaround for a bug with OCSP responses signed
by intermediate certs, this was fixed in LibreSSL in
https://github.com/libressl-portable/openbsd/commit/912c64f68f7ac4f225b7d1fdc8fbd43168912ba0
Bug: https://curl.haxx.se/mail/lib-2017-06/0038.html
---
lib/vtls/openssl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 9def5ab66..dbee36929 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1371,7 +1371,8 @@ static CURLcode verifystatus(struct connectdata *conn,
st = SSL_CTX_get_cert_store(connssl->ctx);
#if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
- defined(LIBRESSL_VERSION_NUMBER))
+ (defined(LIBRESSL_VERSION_NUMBER) && \
+ LIBRESSL_VERSION_NUMBER <= 0x2040200fL))
/* The authorized responder cert in the OCSP response MUST be signed by the
peer cert's issuer (see RFC6960 section 4.2.2.2). If that's a root cert,
no problem, but if it's an intermediate cert OpenSSL has a bug where it
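Review bot: The new LibreSSL bound "LIBRESSL_VERSION_NUMBER <= 0x2040200fL" in the #if condition has no comment naming the release it stands for, while the OpenSSL bound on the line above carries "Fixed after 1.0.2a". The commit message links the LibreSSL fix commit but not the first release that contains it, so the constant cannot be checked from the patch alone. Add a matching comment of the form "Fixed after <release>" next to the constant and confirm that it is the last affected release, since a bound set too low would skip the workaround on a LibreSSL that still has the bug.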
--
To stop receiving notification emails like this one, please contact
address@hidden