Don't allow invalid SCT lists to be set. This change causes SSL_CTX_set_signed_cert_timestamp_list to check the SCT list for shallow validity before allowing it to be set. Change-Id: Ib8a1fe185224ff02ed4ce53a0109e60d934e96b3 Reviewed-on: https://boringssl-review.googlesource.com/12401 Commit-Queue: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: David Benjamin <davidben@google.com>

commit: 9b885c5d0fe1a89b2063654dbdd0faf2a6c076fd [log] [tgz]
author: Adam Langley <agl@google.com> Fri Nov 18 14:21:03 2016 -0800
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Sat Nov 19 00:24:18 2016 +0000
tree: b2b7a2166c7e65f926db50407e6e0268259476cb
parent: 6f5f49f33d88f446f7f690bf991e835d5137af6c [diff] [blame]
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index e39fa89..f5b9f9d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -4551,6 +4551,7 @@
 #define SSL_R_NO_SHARED_GROUP 266
 #define SSL_R_PRE_SHARED_KEY_MUST_BE_LAST 267
 #define SSL_R_OLD_SESSION_PRF_HASH_MISMATCH 268
+#define SSL_R_INVALID_SCT_LIST 269
 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
commit	9b885c5d0fe1a89b2063654dbdd0faf2a6c076fd	[log] [tgz]
author	Adam Langley <agl@google.com>	Fri Nov 18 14:21:03 2016 -0800
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Sat Nov 19 00:24:18 2016 +0000
tree	b2b7a2166c7e65f926db50407e6e0268259476cb
parent	6f5f49f33d88f446f7f690bf991e835d5137af6c [diff] [blame]