diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-30 09:57:49 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-01-14 14:36:09 +0100 |
commit | fb1e2411042f0367c2560e4ec5e4b1189ca9cd45 (patch) | |
tree | 76ff10c7eecdbbddaeda44c71d0ede617c2db80c /doc/man3 | |
parent | 2a9785c252df6836da90da33aaeed8edb506e556 (diff) |
X509_cmp(): Fix comparison in case x509v3_cache_extensions() failed to due to invalid cert
This is the backport of #13755 to v1.1.1.
Fixes #13698
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13756)
Diffstat (limited to 'doc/man3')
-rw-r--r-- | doc/man3/X509_get_extension_flags.pod | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/doc/man3/X509_get_extension_flags.pod b/doc/man3/X509_get_extension_flags.pod index 43c9c952c6..cca72c71fc 100644 --- a/doc/man3/X509_get_extension_flags.pod +++ b/doc/man3/X509_get_extension_flags.pod @@ -78,12 +78,17 @@ The certificate contains an unhandled critical extension. =item B<EXFLAG_INVALID> -Some certificate extension values are invalid or inconsistent. The -certificate should be rejected. +Some certificate extension values are invalid or inconsistent. +The certificate should be rejected. This bit may also be raised after an out-of-memory error while processing the X509 object, so it may not be related to the processed ASN1 object itself. +=item B<EXFLAG_NO_FINGERPRINT> + +Failed to compute the internal SHA1 hash value of the certificate. +This may be due to malloc failure or because no SHA1 implementation was found. + =item B<EXFLAG_INVALID_POLICY> The NID_certificate_policies certificate extension is invalid or |