forked from google/boringssl
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Enforce X.509 version invariants more consistently.
This aligns X509_REQ's and X509_CRL's parsers to the changes already made with X509; we reject invalid versions and check that extensions are only with the corresponding version. For now, we still allow X509v1 CRLs with an explicit version, matching certificates. (The DEFAULT question is moot for X509_REQ because CSRs always encode their version, see RFC 2986.) In addition to rejecting garbage, this allows for a more efficient representation once we stop using the table-based parser: X509 and X509_CRL can just store a small enum. X509_REQ doesn't need to store anything because the single version is information-less. Update-Note: Invalid CRL and CSR versions will no longer be accepted. X509_set_version, etc., no longer allow invalid versions. Fixed: 467 Change-Id: I33f3aec747d8060ab80e0cbb8ddf97672e07642c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52605 Reviewed-by: Adam Langley <[email protected]> Commit-Queue: David Benjamin <[email protected]>
- Loading branch information
Showing
11 changed files
with
189 additions
and
68 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.