author | Matt Caswell <matt@openssl.org> | 2020-04-01 16:10:08 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-04-09 00:00:20 +0100 |
commit | e66c37deb64d4e4ab0c2d63b817760d387eb9ed8 (patch) | |
tree | e9cc5a4aea8b3e3ec3a459e4e10ddfef0f92d165 /ssl | |
parent | 0c56a64829b9fca0a4031dc97f4fadff3291b227 (diff) |
Explicitly cache the X509v3_extensions in one more place in libssl
Make sure we cache the extensions for a cert using the right libctx.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11457)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_rsa.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index ac9d01a766..09b965fc19 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -1055,9 +1055,15 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
 int j;
 int rv;
 CERT *c = ssl != NULL ? ssl->cert : ctx->cert;
+ SSL_CTX *actualctx = ssl == NULL ? ctx : ssl->ctx;
 STACK_OF(X509) *dup_chain = NULL;
 EVP_PKEY *pubkey = NULL;
+ if (!X509v3_cache_extensions(x509, actualctx->libctx, actualctx->propq)) {
+ SSLerr(0, ERR_R_X509_LIB);
+ goto out;
+ }
+ /* Do all security checks before anything else */
 rv = ssl_security_cert(ssl, ctx, x509, 0, 1);
 if (rv != 1) { |
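Review bot: The new X509v3_cache_extensions() block sits directly above the comment `/* Do all security checks before anything else */`, so that comment no longer matches the order of operations and nothing explains why caching must come first. A short comment on the new block would close the gap, e.g. `/* Cache extensions with this SSL_CTX's libctx/propq before ssl_security_cert() inspects the cert */`. Presumably the later checks would otherwise populate the cache without the intended library context, but that is inferred from the commit message, not visible in the hunk. The failure path depends on the `out` label and a return value initialised outside this hunk, so it is worth confirming that `goto out` at this point returns failure and has nothing to release yet. ssl_set_cert_and_key's body starts and ends outside the hunk.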