mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Explicitly cache the X509v3_extensions in one more place in libssl

Browse Source 
Make sure we cache the extensions for a cert using the right libctx.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11457)
This commit is contained in:
Matt Caswell 2020-04-01 16:10:08 +01:00
parent 0c56a64829
commit e66c37deb6
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ssl/ssl_rsa.c
View File

@ -1055,9 +1055,15 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
int j;
int rv;
CERT *c = ssl != NULL ? ssl->cert : ctx->cert;
SSL_CTX *actualctx = ssl == NULL ? ctx : ssl->ctx;
STACK_OF(X509) *dup_chain = NULL;
EVP_PKEY *pubkey = NULL;
if (!X509v3_cache_extensions(x509, actualctx->libctx, actualctx->propq)) {
SSLerr(0, ERR_R_X509_LIB);
goto out;
}
/* Do all security checks before anything else */
rv = ssl_security_cert(ssl, ctx, x509, 0, 1);
if (rv != 1) {