| Patrick Williams | c124f4f | 2015-09-15 14:41:29 -0500 | [diff] [blame] | 1 | From: Raphael Geissert <geissert@debian.org> |
| 2 | Description: make X509_verify_cert indicate that any certificate whose |
| 3 | name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked. |
| 4 | Forwarded: not-needed |
| 5 | Origin: vendor |
| 6 | Last-Update: 2011-11-05 |
| 7 | |
| 8 | Upstream-Status: Backport [debian] |
| 9 | |
| 10 | |
| 11 | Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c |
| 12 | =================================================================== |
| 13 | --- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100 |
| 14 | +++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100 |
| 15 | @@ -964,10 +964,11 @@ |
| 16 | for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) |
| 17 | { |
| 18 | x = sk_X509_value(ctx->chain, i); |
| 19 | - /* Mark DigiNotar certificates as revoked, no matter |
| 20 | - * where in the chain they are. |
| 21 | + /* Mark certificates containing the following names as |
| 22 | + * revoked, no matter where in the chain they are. |
| 23 | */ |
| 24 | - if (x->name && strstr(x->name, "DigiNotar")) |
| 25 | + if (x->name && (strstr(x->name, "DigiNotar") || |
| 26 | + strstr(x->name, "Digicert Sdn. Bhd."))) |
| 27 | { |
| 28 | ctx->error = X509_V_ERR_CERT_REVOKED; |
| 29 | ctx->error_depth = i; |