[MacPorts] #46596: openssl @1.0.1k breaks certificate signature verification
MacPorts
noreply at macports.org
Tue Jan 20 20:13:35 PST 2015
#46596: openssl @1.0.1k breaks certificate signature verification
----------------------+-------------------
Reporter: uri@… | Owner: mww@…
Type: defect | Status: new
Priority: High | Milestone:
Component: ports | Version: 2.3.3
Resolution: | Keywords:
Port: openssl |
----------------------+-------------------
Comment (by uri@…):
Oh, and based upon discussion here
[http://rt.openssl.org/Ticket/Display.html?id=3665#txn-50911] I've changed
the patch. Steve Henson correctly pointed out that to change
ASN1_TYPE_cmp() may not be appropriate, as there could be cases when null
pointer (absent list) means something different from list being NULL.
To address that comment, I've made sure the workaround applies only to the
case when two algorithms are compared, based on RFC 5754 and 5280 that
state that AlgorithmIdentifier parameter list can be absent or represented
as ASN.1 NULL - and implementations MUST accept both cases.
So please find attached my updated patch "patch-null-absent.diff". I'm
also posting it upstream.
Thanks!
--
Ticket URL: <https://trac.macports.org/ticket/46596#comment:14>
MacPorts <https://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list