Commit

mk-ca-bundle.pl: Use stricter logic to process the certificates
.. and bump version to 1.29.

This change makes the script properly ignore unknown blocks and
otherwise fail when Mozilla changes the certdata format in ways we
don't expect. Though this is less flexible behavior it makes it far less
likely that an invalid certificate can slip through.

Prior to this change the state machine did not always properly reset,
and it was possible that a certificate marked as invalid could then
later be marked as valid when there was conflicting trust info or
an unknown block was erroneously processed as part of the certificate.

Ref: curl#7801 (review)

Closes curl#8411
jay committed Mar 18, 2022
1 parent 265c50b commit 45cb662
Showing 1 changed file with 188 additions and 102 deletions.