diff options
Diffstat (limited to 'patches/openssl-1.0.2q/0007-block_digicert_malaysia.patch')
-rw-r--r-- | patches/openssl-1.0.2q/0007-block_digicert_malaysia.patch | 36 |
1 files changed, 0 insertions, 36 deletions
diff --git a/patches/openssl-1.0.2q/0007-block_digicert_malaysia.patch b/patches/openssl-1.0.2q/0007-block_digicert_malaysia.patch deleted file mode 100644 index e5024163c..000000000 --- a/patches/openssl-1.0.2q/0007-block_digicert_malaysia.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Raphael Geissert <geissert@debian.org> -Date: Tue, 12 Dec 2017 23:35:24 +0100 -Subject: [PATCH] block_digicert_malaysia - -Description: make X509_verify_cert indicate that any certificate whose - name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked. -Forwarded: not-needed -Origin: vendor -Last-Update: 2011-11-05 - -Imported from openssl1.0_1.0.2q-2.debian.tar.xz - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - crypto/x509/x509_vfy.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 77bdb18882ce..f7f8ed76e05b 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -1122,10 +1122,11 @@ static int check_ca_blacklist(X509_STORE_CTX *ctx) - for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) - { - x = sk_X509_value(ctx->chain, i); -- /* Mark DigiNotar certificates as revoked, no matter -- * where in the chain they are. -+ /* Mark certificates containing the following names as -+ * revoked, no matter where in the chain they are. - */ -- if (x->name && strstr(x->name, "DigiNotar")) -+ if (x->name && (strstr(x->name, "DigiNotar") || -+ strstr(x->name, "Digicert Sdn. Bhd."))) - { - ctx->error = X509_V_ERR_CERT_REVOKED; - ctx->error_depth = i; |