Viewing all changes in revision 626.
- Committer: Peter Jones
- Date: 2018-08-01 15:04:18 UTC
- Revision ID: git-v1:cce5e4ce2f94e07730ac246ba9b47387da8d2016
Cryptlib: Apply the less strict CA check
Since openssl < 1.1.0 didn't check the x509 v3 extension strictly, a CA
certificate without the CA flag in the basic constraints or KeyCertSign
in the key usage was still loaded to verify EFI images.
We relax the check for now. In the future, the workaround should be
removed.
Signed-off-by: Gary Lin <glin@suse.com>
Since openssl < 1.1.0 didn't check the x509 v3 extension strictly, a CA
certificate without the CA flag in the basic constraints or KeyCertSign
in the key usage was still loaded to verify EFI images.
We relax the check for now. In the future, the workaround should be
removed.
Signed-off-by: Gary Lin <glin@suse.com>
- files modified:
- Cryptlib/Include/CrtLibSupport.h
expand all
collapse all
added
removed
