From af822c67a9a1eb942bf4ccd759e38b90daf24eff Mon Sep 17 00:00:00 2001
From: Juan Cruz Viotti
Date: Thu, 30 Sep 2021 16:22:14 -0400
Subject: [PATCH] fix: Enable X509_V_FLAG_TRUSTED_FIRST flag in BoringSSL (#31213)

Fixes: https://github.com/electron/electron/issues/31212
Signed-off-by: Juan Cruz Viotti
---
 patches/boringssl/.patches | 1 +
 ...nable_x509_v_flag_trusted_first_flag.patch | 20 +++++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch
diff --git a/patches/boringssl/.patches b/patches/boringssl/.patches
index f9faf6f4bfbe1..ea99b0d7e721e 100644
--- a/patches/boringssl/.patches
+++ b/patches/boringssl/.patches
@@ -3,3 +3,4 @@ expose_aes-cfb.patch
 expose_des-ede3.patch
 fix_sync_evp_get_cipherbynid_and_evp_get_cipherbyname.patch
 add_maskhash_to_rsa_pss_params_st_for_compat.patch
+enable_x509_v_flag_trusted_first_flag.patch
diff --git a/patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch b/patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch
new file mode 100644
index 0000000000000..5c3c96ccb3f4e
--- /dev/null
+++ b/patches/boringssl/enable_x509_v_flag_trusted_first_flag.patch
@@ -0,0 +1,20 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Juan Cruz Viotti
+Date: Thu, 30 Sep 2021 13:39:23 -0400
+Subject: Enable X509_V_FLAG_TRUSTED_FIRST flag
+
+Signed-off-by: Juan Cruz Viotti
+
+diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
+index 5a881d64c30076404cc800fff9e943bb0b30d2ac..29d5341efc8eb7ae6f90bdde5a8032e99f75c98e 100644
+--- a/crypto/x509/x509_vpm.c
++++ b/crypto/x509/x509_vpm.c
+@@ -528,7 +528,7 @@ static const X509_VERIFY_PARAM default_table[] = {
+ (char *)"default", /* X509 default parameters */
+ 0, /* Check time */
+ 0, /* internal flags */
+- 0, /* flags */
++ X509_V_FLAG_TRUSTED_FIRST, /* flags */
+ 0, /* purpose */
+ 0, /* trust */
+ 100, /* depth */
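Review bot: The embedded patch for `crypto/x509/x509_vpm.c` changes certificate chain building but its description holds only a subject and a sign-off, so nothing explains why `X509_V_FLAG_TRUSTED_FIRST` is now set in the `"default"` entry of `default_table`. Because the flag sits in the default parameters, it presumably applies to every verification that inherits them rather than to one call site, which is worth stating for whoever later rebases this patch onto a newer BoringSSL. I would add to the patch description something like `Look for an issuer in the trust store before using certificates sent by the peer, so an expired certificate in the peer's chain does not fail verification when a valid trusted path exists.`, along with the linked issue number. A regression test that verifies a chain containing an expired cross-signed certificate against a store holding a valid root would pin the intended behaviour; none is added here. The `default_table` initializer continues beyond the hunk, so the other entries were not reviewed.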