authorTheo Buehler <tb@cvs.openbsd.org>2023-04-20 18:29:09 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2023-04-20 18:29:09 +0000
commitc9a96013bb504b74eff365b7134024cbb4da5783 (patch)
treea0919b3590033bc7949660f9b710b2dd988aee86 /lib
parent454a3cb1913f269e052079d990e2c30ce316e672 (diff)
Flip the default of explicitText to UTF8String
While it may have been reasonable to use VisibleString back when this code was written, it's an anachronism nowadays. In particular, configuring BoringSSL reports that they have seen malformed certificates with exactly the issue caused by this unfortunate default. Reported by Alex Gaynor in OpenSSL issue 20772 ok jsing
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/x509/x509_cpols.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libcrypto/x509/x509_cpols.c b/lib/libcrypto/x509/x509_cpols.c
index 3f106c691de..af8f16c9b09 100644
--- a/lib/libcrypto/x509/x509_cpols.c
+++ b/lib/libcrypto/x509/x509_cpols.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_cpols.c,v 1.7 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_cpols.c,v 1.8 2023/04/20 18:29:08 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 1999.
*/
@@ -594,7 +594,7 @@ notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org)
cnf = sk_CONF_VALUE_value(unot, i);
if (!strcmp(cnf->name, "explicitText")) {
if (not->exptext == NULL) {
- not->exptext = ASN1_VISIBLESTRING_new();
+ not->exptext = ASN1_UTF8STRING_new();
if (not->exptext == NULL)
goto merr;
}
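Review bot: The switch to `ASN1_UTF8STRING_new()` in the `explicitText` branch changes only the ASN.1 tag, and nothing in this hunk checks that `cnf->value` is well-formed UTF-8. The code that fills `not->exptext` lies past the end of the hunk, so whether it validates the value cannot be confirmed here. If the configuration value is copied in byte for byte, a config file written in a legacy 8-bit encoding would still produce a mistagged string, so it is worth confirming that the value is validated before the copy. The reason for the type is also not recorded in the code; a comment above the allocation such as `/* RFC 5280, 4.2.1.4: explicitText SHOULD be UTF8String and MUST NOT be VisibleString. */` would keep the default from being flipped back. notice_section's body starts and ends outside the hunk.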