diff options
author | Sam Roberts <vieuxtech@gmail.com> | 2019-02-26 11:30:23 -0800 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2019-03-05 08:34:43 -0800 |
commit | 86c87e679fe6ecf78bc3c00248e5d6a991301cec (patch) | |
tree | d665d76e8c894ffd4c347231897b88a8d55f7e31 /deps/openssl/openssl/crypto/x509/x509_vfy.c | |
parent | cbb783693119f3b8a013982ae25be520a9d47b5b (diff) | |
download | android-node-v8-86c87e679fe6ecf78bc3c00248e5d6a991301cec.tar.gz android-node-v8-86c87e679fe6ecf78bc3c00248e5d6a991301cec.tar.bz2 android-node-v8-86c87e679fe6ecf78bc3c00248e5d6a991301cec.zip |
deps: upgrade openssl sources to 1.1.1b
This updates all sources in deps/openssl/openssl with openssl-1.1.1b.
PR-URL: https://github.com/nodejs/node/pull/26327
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Diffstat (limited to 'deps/openssl/openssl/crypto/x509/x509_vfy.c')
-rw-r--r-- | deps/openssl/openssl/crypto/x509/x509_vfy.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/deps/openssl/openssl/crypto/x509/x509_vfy.c b/deps/openssl/openssl/crypto/x509/x509_vfy.c index 61e81922b4..4ced716e36 100644 --- a/deps/openssl/openssl/crypto/x509/x509_vfy.c +++ b/deps/openssl/openssl/crypto/x509/x509_vfy.c @@ -3232,12 +3232,19 @@ static int check_key_level(X509_STORE_CTX *ctx, X509 *cert) EVP_PKEY *pkey = X509_get0_pubkey(cert); int level = ctx->param->auth_level; + /* + * At security level zero, return without checking for a supported public + * key type. Some engines support key types not understood outside the + * engine, and we only need to understand the key when enforcing a security + * floor. + */ + if (level <= 0) + return 1; + /* Unsupported or malformed keys are not secure */ if (pkey == NULL) return 0; - if (level <= 0) - return 1; if (level > NUM_AUTH_LEVELS) level = NUM_AUTH_LEVELS; |