Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs
Even though we check the leaf cert to confirm it is valid, we later ignored the invalid flag and did not notice that the leaf cert was bad. Fixes: CVE-2023-0465 Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20587) Signed-off-by: Ncode4lala <fengziteng2@huawei.com> Change-Id: I510a81e2e970638eb61ebd1d78c07f2559d15c18
Showing
想要评论请 注册 或 登录