aboutsummaryrefslogtreecommitdiffstats
path: root/main/libtls-standalone/openssl-1.1.0-verify-param.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/libtls-standalone/openssl-1.1.0-verify-param.patch')
-rw-r--r--main/libtls-standalone/openssl-1.1.0-verify-param.patch50
1 files changed, 50 insertions, 0 deletions
diff --git a/main/libtls-standalone/openssl-1.1.0-verify-param.patch b/main/libtls-standalone/openssl-1.1.0-verify-param.patch
new file mode 100644
index 0000000000..ef3f948e02
--- /dev/null
+++ b/main/libtls-standalone/openssl-1.1.0-verify-param.patch
@@ -0,0 +1,50 @@
+--- libressl-2.7.4.orig/tls/tls.c
++++ libressl-2.7.4/tls/tls.c
+@@ -438,8 +438,16 @@
+ }
+
+ if (ctx->config->verify_time == 0) {
+- X509_VERIFY_PARAM_set_flags(ssl_ctx->param,
+- X509_V_FLAG_NO_CHECK_TIME);
++ X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
++
++ if (param == NULL) {
++ goto err;
++ }
++
++ X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME);
++ SSL_CTX_set1_param(ssl_ctx, param);
++
++ X509_VERIFY_PARAM_free(param);
+ }
+
+ /* Disable any form of session caching by default */
+@@ -487,6 +495,7 @@
+ STACK_OF(X509_INFO) *xis = NULL;
+ X509_STORE *store;
+ X509_INFO *xi;
++ X509_VERIFY_PARAM *param;
+ BIO *bio = NULL;
+ int rv = -1;
+ int i;
+@@ -548,8 +557,19 @@
+ }
+ xi->crl = NULL;
+ }
+- X509_VERIFY_PARAM_set_flags(store->param,
++
++ param = X509_VERIFY_PARAM_new();
++
++ if (param == NULL) {
++ goto err;
++ }
++
++ X509_VERIFY_PARAM_set_flags(param,
+ X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
++
++ X509_STORE_set1_param(store, param);
++
++ X509_VERIFY_PARAM_free(param);
+ }
+
+ done: