fix: Enable X509_V_FLAG_TRUSTED_FIRST flag in BoringSSL #31217

Merged
1 change: 1 addition & 0 deletions patches/boringssl/.patches
Expand Up @@ -3,3 +3,4 @@ expose_aes-cfb.patch
expose_des-ede3.patch
fix_sync_evp_get_cipherbynid_and_evp_get_cipherbyname.patch
add_maskhash_to_rsa_pss_params_st_for_compat.patch
enable_x509_v_flag_trusted_first_flag.patch
20 changes: 20 additions & 0 deletions patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch
@@ -0,0 +1,20 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Juan Cruz Viotti <jv@jviotti.com>
Date: Thu, 30 Sep 2021 13:39:23 -0400
Subject: Enable X509_V_FLAG_TRUSTED_FIRST flag

Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 5a881d64c30076404cc800fff9e943bb0b30d2ac..29d5341efc8eb7ae6f90bdde5a8032e99f75c98e 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -528,7 +528,7 @@ static const X509_VERIFY_PARAM default_table[] = {
(char *)"default", /* X509 default parameters */
0, /* Check time */
0, /* internal flags */
- 0, /* flags */
+ X509_V_FLAG_TRUSTED_FIRST, /* flags */
0, /* purpose */
0, /* trust */
100, /* depth */
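Review bot: The flags slot of the "default" entry in default_table now carries X509_V_FLAG_TRUSTED_FIRST, which changes path building for every verification that inherits the default parameters, yet the patch header has only a subject line and a sign-off. Please add a body to the commit message stating which verification failure this addresses and linking the issue, so that whoever carries this patch forward to a newer BoringSSL can tell whether it is still needed. Because this is a table-level default rather than a per-context setting, a regression test that verifies a chain where the peer-supplied intermediates and the trust store offer different issuers would pin down the intended behaviour.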