Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Enable X509_V_FLAG_TRUSTED_FIRST flag in BoringSSL #31214

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions patches/boringssl/.patches
@@ -1,3 +1,4 @@
expose_ripemd160.patch
expose_aes-cfb.patch
expose_des-ede3.patch
enable_x509_v_flag_trusted_first_flag.patch
20 changes: 20 additions & 0 deletions patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch
@@ -0,0 +1,20 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Juan Cruz Viotti <jv@jviotti.com>
Date: Thu, 30 Sep 2021 13:39:23 -0400
Subject: Enable X509_V_FLAG_TRUSTED_FIRST flag

Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index d8d1efe883321510e4da1aab2cd78378e395c2b2..a371d611dbb2ea7a287a3cb117c3e3d0e1a925b6 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -548,7 +548,7 @@ static const X509_VERIFY_PARAM default_table[] = {
(char *)"default", /* X509 default parameters */
0, /* Check time */
0, /* internal flags */
- 0, /* flags */
+ X509_V_FLAG_TRUSTED_FIRST, /* flags */
0, /* purpose */
0, /* trust */
100, /* depth */