https://bugs.exim.org/show_bug.cgi?id=2198
--- Comment #6 from Git Commit <git@???> ---
Git commit:
https://git.exim.org/exim.git/commitdiff/4f5830fe24fb69e5f1cc11d5bf9d608c256a4c2a
commit 4f5830fe24fb69e5f1cc11d5bf9d608c256a4c2a
Author: Viktor Dukhovni <viktor1dane@???>
AuthorDate: Fri Dec 1 22:13:19 2017 +0000
Commit: Jeremy Harris <jgh146exb@???>
CommitDate: Sat Dec 16 02:21:10 2017 +0000
DANE: fix type-2xx TLSA under older OpenSSL versions Bug 2198
OpenSSL 1.0.1t is known bad. 1.0.2 and 1.1.0 are apparently ok.
---
src/src/dane-openssl.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/src/dane-openssl.c b/src/src/dane-openssl.c
index 33c945d..bb3763a 100644
--- a/src/src/dane-openssl.c
+++ b/src/src/dane-openssl.c
@@ -409,7 +409,7 @@ return 0;
}
static int
-set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid)
+set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj)
{
X509_NAME *name = akid_issuer_name(akid);
@@ -418,7 +418,7 @@ X509_NAME *name = akid_issuer_name(akid);
* must use that.
*/
return X509_set_issuer_name(cert,
- name ? name : X509_get_subject_name(cert));
+ name ? name : subj);
}
static int
@@ -500,7 +500,7 @@ akid = X509_get_ext_d2i(subject,
NID_authority_key_identifier, 0, 0);
*/
if ( !X509_set_version(cert, 2)
|| !set_serial(cert, akid, subject)
- || !set_issuer_name(cert, akid)
+ || !set_issuer_name(cert, akid, name)
|| !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L)
|| !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L)
|| !X509_set_subject_name(cert, name)
--
You are receiving this mail because:
You are on the CC list for the bug.
