Skip to main content
Revision 098f27f9ef8be2a418f76896ee3c824e8709fcf7 authored by Matt Caswell on 17 October 2023, 13:55:48 UTC, committed by Tomas Mraz on 19 October 2023, 09:54:44 UTC
Ignore ping deadline when calculating tick deadline if we can't send
If the CC TX allowance is zero then we cannot send a PING frame at the
moment, so do not take into account the ping deadline when calculating the
tick deadline in that case.

This avoids the hang found by the fuzzer mentioned in
https://github.com/openssl/openssl/pull/22368#issuecomment-1765131727

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22410)
1 parent 56e3032
Raw File
ca-and-certs.cnf

# Comment out the next line to ignore configuration errors
config_diagnostics = 1

CN2 = Brother 2

####################################################################
[ req ]
distinguished_name	= req_distinguished_name
encrypt_rsa_key		= no
default_md		= sha1

[ req_distinguished_name ]
countryName			= Country Name (2 letter code)
countryName_value		= AU
organizationName		= Organization Name (eg, company)
organizationName_value		= Dodgy Brothers
commonName			= Common Name (eg, YOUR name)
commonName_value		= Dodgy CA

####################################################################
[ userreq ]
distinguished_name	= user_dn
encrypt_rsa_key		= no
default_md		= sha256
prompt			= no

[ user_dn ]
countryName		= AU
organizationName	= Dodgy Brothers
0.commonName		= Brother 1
1.commonName		= $ENV::CN2

[ empty ]

[ v3_ee ]
subjectKeyIdentifier	= hash
authorityKeyIdentifier	= keyid,issuer:always
basicConstraints 	= CA:false
keyUsage		= nonRepudiation, digitalSignature, keyEncipherment

[ v3_ee_dsa ]
subjectKeyIdentifier	= hash
authorityKeyIdentifier	= keyid:always
basicConstraints	= CA:false
keyUsage		= nonRepudiation, digitalSignature

[ v3_ee_ec ]
subjectKeyIdentifier	= hash
authorityKeyIdentifier	= keyid:always
basicConstraints	= CA:false
keyUsage		= nonRepudiation, digitalSignature, keyAgreement

####################################################################
[ ca ]
default_ca	= CA_default

[ CA_default ]
dir		= ./demoCA
certs		= $dir/certs
crl_dir		= $dir/crl
database	= $dir/index.txt
new_certs_dir	= $dir/newcerts
certificate	= $dir/cacert.pem
serial		= $dir/serial
crl		= $dir/crl.pem
private_key	= $dir/private/cakey.pem
x509_extensions	= v3_ca
name_opt 	= ca_default
cert_opt 	= ca_default
default_days	= 365
default_crl_days= 30
default_md	= sha1
preserve	= no
policy		= policy_anything

[ policy_anything ]
countryName		= optional
stateOrProvinceName	= optional
localityName		= optional
organizationName	= optional
organizationalUnitName	= optional
commonName		= supplied
emailAddress		= optional

[ v3_ca ]
subjectKeyIdentifier	= hash
authorityKeyIdentifier	= keyid:always,issuer:always
basicConstraints 	= critical,CA:true,pathlen:1
keyUsage		= cRLSign, keyCertSign
issuerAltName		= issuer:copy
back to top