Projects
openEuler:20.03:LTS:SP3
edk2
_service:tar_scm_kernel_repo:0048-Fix-documenta...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:0048-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch of Package edk2
From 0cce6ed0febd6bb5f414b81da778cf556dc81393 Mon Sep 17 00:00:00 2001 From: Tomas Mraz <tomas@openssl.org> Date: Tue, 21 Mar 2023 16:15:47 +0100 Subject: [PATCH 04/11] Fix documentation of X509_VERIFY_PARAM_add0_policy() The function was incorrectly documented as enabling policy checking. Fixes: CVE-2023-0466 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> reference: https://github.com/openssl/openssl/pull/20564 Signed-off-by: yexiao <yexiao7@huawei.com> --- .../openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/CryptoPkg/Library/OpensslLib/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/CryptoPkg/Library/OpensslLib/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 7593dea7..102f0c08 100644 --- a/CryptoPkg/Library/OpensslLib/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/CryptoPkg/Library/OpensslLib/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -92,8 +92,9 @@ B<trust>. X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to B<t>. Normally the current time is used. -X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled -by default) and adds B<policy> to the acceptable policy set. +X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. +Contrary to preexisting documentation of this function it does not enable +policy checking. X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled by default) and sets the acceptable policy set to B<policies>. Any existing @@ -374,6 +375,10 @@ and has no effect. The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. +The function X509_VERIFY_PARAM_add0_policy() was historically documented as +enabling policy checking however the implementation has never done this. +The documentation was changed to align with the implementation. + =head1 COPYRIGHT Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved. -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.