Thank you so much for the review, Viktor.

On 1/8/2018 5:57 PM, Viktor Dukhovni wrote:
> On Jan 8, 2018, at 5:46 PM, Misaki Miyashita <misaki.miyash...@oracle.com> wrote:
>
>> I would like to suggest the following fix so that a valid certificate at <hash>.x can
>> be recognized during the cert validation even when <hash>.0 is linking to a
>> bad/expired certificate.  This may not be the most elegant solution, but it is a minimal
>> change with low impact to the rest of the code.
>
> The patch looks wrong to me.  It seems to have a memory leak.
> It is also not clear that with CApath all the certificates will
> already be loaded, so the iterator may not find the desired
> matching element.

I will look into the code to see if there is a memory leak issue.
However, we have tested internally and all certificates (valid and invalid) were loaded, and the suggested fix is able to identify the matching valid certificate.


>> Could I possibly get a review on the change? and possibly be considered to be
>> integrated to the upstream?
>> (This is for the 1.0.1 branch)
>
> The 1.0.1 branch is no longer supported.

Sorry, that was a typo :-(  I meant the 1.0.2 branch.

-- misaki
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
