diff options
author | Tomas Mraz <tmraz@fedoraproject.org> | 2020-09-11 09:09:29 +0200 |
---|---|---|
committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-09-17 17:15:15 +0200 |
commit | cccf532fef10aaa2d682227061b8828a1eb2c031 (patch) | |
tree | eebff041321fc8ca671a21369395370e806175d2 /include | |
parent | fe2f8aecfe4a0de483334bf671a8eb4f14444c00 (diff) |
Disallow certs with explicit curve in verification chain
The check is applied only with X509_V_FLAG_X509_STRICT.
Fixes #12139
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/12683)
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/x509_vfy.h.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/x509_vfy.h.in b/include/openssl/x509_vfy.h.in index 8a565f71a3..6266e6007d 100644 --- a/include/openssl/x509_vfy.h.in +++ b/include/openssl/x509_vfy.h.in @@ -242,6 +242,7 @@ X509_LOOKUP_ctrl_with_libctx((x), X509_L_ADD_STORE, (name), 0, NULL, \ # define X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL 91 # define X509_V_ERR_CA_CERT_MISSING_KEY_USAGE 92 # define X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 93 +# define X509_V_ERR_EC_KEY_EXPLICIT_PARAMS 94 /* Certificate verify flags */ # ifndef OPENSSL_NO_DEPRECATED_1_1_0 |