[tnozaki-openssl] CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored

Issue #346 resolved
Takehiko NOZAKI repo owner created an issue

Comments (2)

  1. Takehiko NOZAKI reporter

    BUGFIX: Issue #346 - CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored

    Cherry-picked from: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95

    Original commit message: Ensure that EXFLAG_INVALID_POLICY is checked even in leaf certs

    Even though we check the leaf cert to confirm it is valid, we later ignored the invalid flag and did not notice that the leaf cert was bad.

    Fixes: CVE-2023-0465

    Reviewed-by: Hugo Landau <hlandau@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/20588)

    → <<cset 0dac9bf49787>>
