projects / platform / upstream / dotnet / runtime.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9fa908c) | patch
Always commit X.509 chain before Finish
authorKevin Jones <kevin@vcsjones.com>
Thu, 31 Mar 2022 01:22:11 +0000 (21:22 -0400)
committerGitHub <noreply@github.com>
Thu, 31 Mar 2022 01:22:11 +0000 (21:22 -0400)
commit3a088423832db1e7fb4ed0a7a40921b084a5bcba
tree7845f723aecca6a2e1678dcb5d680cf3ff6d0a1etree | snapshot
parent9fa908c6f3e816d1210de70e84a42ea952ccbe81commit | diff
Always commit X.509 chain before Finish

For OpenSSL 3, we need to always commit the chain to clear out the untrusted intermediates. Otherwise, we started getting details about the partial chain that we don't map to codes.

This fixes the behavior so that an AKI/SKI mismatch reports as a partial chain.
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/ChainPal.OpenSsl.cs diff | blob | history
Domain: Dotnet / Core;