fix: Enable X509_V_FLAG_TRUSTED_FIRST flag in BoringSSL (#31214)

* fix: Enable X509_V_FLAG_TRUSTED_FIRST flag in BoringSSL Fixes: #31212 Signed-off-by: Juan Cruz Viotti <jv@jviotti.com> * Update .patches * chore: update patches Co-authored-by: Juan Cruz Viotti <jv@jviotti.com> Co-authored-by: Samuel Attard <sam@electronjs.org> Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
electron · Sep 30, 2021 · 504ecb4 · 504ecb4
1 parent 8a9811a
commit 504ecb4
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/patches/boringssl/.patches b/patches/boringssl/.patches
@@ -1,3 +1,4 @@
 expose_ripemd160.patch
 expose_aes-cfb.patch
 expose_des-ede3.patch
+enable_x509_v_flag_trusted_first_flag.patch
diff --git a/patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch b/patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch
@@ -0,0 +1,20 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Juan Cruz Viotti <jv@jviotti.com>
+Date: Thu, 30 Sep 2021 13:39:23 -0400
+Subject: Enable X509_V_FLAG_TRUSTED_FIRST flag
+
+Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>
+
+diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
+index d8d1efe883321510e4da1aab2cd78378e395c2b2..a371d611dbb2ea7a287a3cb117c3e3d0e1a925b6 100644
+--- a/crypto/x509/x509_vpm.c
++++ b/crypto/x509/x509_vpm.c
+@@ -548,7 +548,7 @@ static const X509_VERIFY_PARAM default_table[] = {
+      (char *)"default",         /* X509 default parameters */
+      0,                         /* Check time */
+      0,                         /* internal flags */
+-     0,                         /* flags */
++     X509_V_FLAG_TRUSTED_FIRST, /* flags */
+      0,                         /* purpose */
+      0,                         /* trust */
+      100,                       /* depth */