author | Rob Austein <sra@hactrn.net> | 2006-08-15 19:37:49 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2006-08-15 19:37:49 +0000 |
commit | 5f19d765e7ba4bca5d1caf0bc8d4ea7d4be6f911 (patch) | |
tree | 725dd57ee0207629db1598a0571296c4daed1524 | |
parent | ed65e95bdaec83b85b301c6d01ad264a7a535732 (diff) |
note on policy checking code bug
svn path=/openssl/README; revision=151
-rw-r--r-- | openssl/README | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/openssl/README b/openssl/README index 73366d21..1e0c6fb8 100644 --- a/openssl/README +++ b/openssl/README @@ -314,3 +314,13 @@ Random reminders and notes to myself: - I need to rewrite the path validation code anyway to allow null inheritance, per mailing list discussion. + +- May need to check AKID in crypto/x509/x509_vfy.c:get_crl(). + +- Bug in policy checking code (may not matter): if one attempts to + check policy on a trust anchor, crypto/x509v3/pcy_tree:tree_init() + returns success ("Can't do anythign with just a trust anchor") which + X509_policy_check() line 634 interprets as a malloc failure because + there's no policy tree data structure. Presumably we should just + return success here instead? + |
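Review bot: In the policy-checking note, "X509_policy_check() line 634" cites a line number without a file name or OpenSSL version, so the reference stops pointing at the right code as soon as the source changes. Name the file and the version, or describe the check by what it tests (no policy tree data structure after tree_init() returns). The path "crypto/x509v3/pcy_tree:tree_init()" also drops the ".c" that the AKID note uses in "crypto/x509/x509_vfy.c:get_crl()", and "anythign" is misspelled. The closing question is ambiguous because tree_init() is already described as returning success; state explicitly that it is X509_policy_check() that should return success when there is no tree. The last added line is a blank line at the end of the file and can be dropped.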