Viktor Dukhovni 69664d6af0 Future proof build_chain() in x509_vfy.c ... Coverity reports a potential NULL deref when "2 0 0" DANE trust-anchors from DNS are configured via SSL_dane_tlsa_add() and X509_STORE_CTX_init() is called with a NULL stack of untrusted certificates. Since ssl_verify_cert_chain() always provideds a non-NULL stack of untrusted certs, and no other code path enables DANE, the problem can only happen in applications that use SSL_CTX_set_cert_verify_callback() to implement their own wrappers around X509_verify_cert() passing only the leaf certificate to the latter. Regardless of the "improbability" of the problem, we do need to ensure that build_chain() handles this case correctly. Reviewed-by: Matt Caswell <matt@openssl.org>		2016-04-27 14:42:38 -04:00
..
build.info	move x_pubkey.c to crypto/x509	2016-03-22 15:28:11 +00:00
by_dir.c
by_file.c	Make many X509_xxx types opaque.	2016-04-15 13:21:43 -04:00
t_crl.c
t_req.c
t_x509.c
x509_att.c
x509_cmp.c	Make X509_PUBKEY opaque	2016-03-22 15:28:11 +00:00
x509_d2.c
x509_def.c
x509_err.c	Make many X509_xxx types opaque.	2016-04-15 13:21:43 -04:00
x509_ext.c
x509_lcl.h	Make many X509_xxx types opaque.	2016-04-15 13:21:43 -04:00
x509_lu.c	GH975 Add ex_data functions for X509_STORE	2016-04-27 08:23:53 -04:00
x509_obj.c
x509_r2x.c	Use X509_REQ_get0_pubkey	2016-04-04 20:38:14 +02:00
x509_req.c	Add X509_REQ_get0_pubkey method	2016-04-04 20:38:11 +02:00
x509_set.c
x509_trs.c
x509_txt.c	Move peer chain security checks into x509_vfy.c	2016-04-03 11:35:35 -04:00
x509_v3.c
x509_vfy.c	Future proof build_chain() in x509_vfy.c	2016-04-27 14:42:38 -04:00
x509_vpm.c	Move peer chain security checks into x509_vfy.c	2016-04-03 11:35:35 -04:00
x509cset.c
x509name.c
x509rset.c
x509spki.c
x509type.c
x_all.c	Fix no-ocsp	2016-04-06 14:57:45 +01:00
x_attrib.c
x_crl.c
x_exten.c
x_name.c
x_pubkey.c	Fix X509_PUBKEY cached key handling.	2016-04-02 17:34:27 +01:00
x_req.c
x_x509.c	Ensure we check i2d_X509 return val	2016-04-26 14:29:54 +01:00
x_x509a.c