root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
38,030 Commits 32 Branches 398 Tags 545 MiB
Commit Graph

6 Commits

Author SHA1 Message Date
David Benjamin 9a8d7dc142 Clear the extension list when removing the last extension 
The extensions list in a certificate, CRL, and CRL entry is defined as:

    ... extensions      [3]  EXPLICIT Extensions OPTIONAL ...
    ... crlEntryExtensions      Extensions OPTIONAL ...
    ... crlExtensions           [0]  EXPLICIT Extensions OPTIONAL ...

    Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension

This means that a present but empty extensions list is actually invalid.
Rather, if you have no extensions to encode, you are meant to omit the
list altogether. Fix the delete_ext functions to handle this correctly.

This would mostly be moot, as an application adding extensions only to
delete them all would be unusual. However, #13658 implemented a slightly
roundabout design where, to omit SKID/AKID, the library first puts them
in and then the command-line tool detects some placeholder values and
deletes the extension again.

Fixes #28397

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28398)
 2025-09-09 11:12:57 +02:00
openssl-machine e66332418f Copyright year updates 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Release: yes
 2025-09-02 13:05:45 +00:00
Tomas Mraz a3af1c036c test: Silence warnings on Win64 builds 
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27806)
 2025-07-02 17:26:26 +02:00
Tomas Mraz 7ed6de997f Copyright year updates 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
 2024-09-05 09:35:49 +02:00
Tomas Mraz 2f0b4974df Add test for ASN1_item_verify() 
This is a test for https://github.com/openssl/openssl/issues/24575
Original idea by Theo Buehler.

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24576)
 2024-06-21 10:03:42 +02:00
slontis 29d4d8e80e Add test for X509 sign TBS cache regression. 
See Issue #19388.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19406)
 2022-11-02 11:14:32 +01:00