Skip to content

Fix not ignoring date errors when VERIFY_SKIP_DATE is set #6181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JacobBarthelmeh merged 5 commits into from
Mar 17, 2023
Merged

Fix not ignoring date errors when VERIFY_SKIP_DATE is set #6181

JacobBarthelmeh merged 5 commits into from
Mar 17, 2023

Conversation

@kareem-wolfssl
Copy link
Contributor

@kareem-wolfssl kareem-wolfssl commented Mar 9, 2023
edited
Loading

Description

Fix not ignoring date errors when VERIFY_SKIP_DATE is set
Fix unit test failure when building OPENSSL_EXTRA without HAVE_EXT_CACHE.
Allow alternative absolute URI syntax in certificate general name.

Fixes zd# 15767 15773 15751

Testing

Built in tests

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@kareem-wolfssl kareem-wolfssl self-assigned this Mar 9, 2023
JacobBarthelmeh
JacobBarthelmeh requested changes Mar 10, 2023
View reviewed changes
Copy link
Contributor

@JacobBarthelmeh JacobBarthelmeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need some regression tests added for these issues.

@lealem47 lealem47 mentioned this pull request Mar 10, 2023
Merged
4 tasks
@kareem-wolfssl kareem-wolfssl added the For This Release Release version 5.8.4 label Mar 16, 2023
@kareem-wolfssl
Copy link
Contributor Author

kareem-wolfssl commented Mar 16, 2023

We need some regression tests added for these issues.

Added unit test for absolute URN case.
For the first issue, it looks like there is already a test for the failing case of loading an expired CA cert with wolfSSL_CTX_load_verify_buffer_ex using WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY. I am not clear why this was not failing.

@kareem-wolfssl kareem-wolfssl mentioned this pull request Mar 16, 2023
Closed
@JacobBarthelmeh
Copy link
Contributor

JacobBarthelmeh commented Mar 16, 2023

Please update the renewcerts.sh script in this PR too for the new certificate. The goal is that running that one script updates all of the certificates in ./certs directory.

@kareem-wolfssl
Copy link
Contributor Author

kareem-wolfssl commented Mar 16, 2023

Woops, had that updated but git lost track of it. Fixed.

@JacobBarthelmeh JacobBarthelmeh merged commit 06d970c into wolfSSL:master Mar 17, 2023
@kareem-wolfssl kareem-wolfssl mentioned this pull request Dec 16, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JacobBarthelmeh JacobBarthelmeh JacobBarthelmeh approved these changes

Assignees

@JacobBarthelmeh JacobBarthelmeh

@kareem-wolfssl kareem-wolfssl

Labels

For This Release Release version 5.8.4

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kareem-wolfssl @JacobBarthelmeh