)]}'
{
  "commit": "b2e57a1c132a34938ee3051d57c5dfa2ef64ff42",
  "tree": "0a92c8cf28db9fe3f0b0d3a9b84d21db92f009a4",
  "parents": [
    "1749dc9a70fd9cbb3221c47ef30cffd6fda06846"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Wed Jan 03 13:45:15 2024 -0500"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Thu Jan 04 18:28:58 2024 +0000"
  },
  "message": "Make X509_V_FLAG_NOTIFY_POLICY into a no-op\n\nAll this flag does is cause verify_cb to be called with ok\u003d2 after\npolicy validation happens, breaking the otherwise strict 0/1 behavior of\nthe callback.\n\nWe can\u0027t quite remove the symbol because a lot of bindings libraries\nwrap it without realizing what it does. But no one actually uses it,\nbecause it\u0027s pretty useless. Since we now always (other than the\nbad_chain thing) check policies and that happens last, this flag really\nmeans \"please call the verify callback an extra time at the end with\nok\u003d2\".\n\nUpdate-Note: X509_V_FLAG_NOTIFY_POLICY is now a no-op. This is not\nexpected to impact anyone.\n\nChange-Id: I892a872181d1c1836ef2533ac616edfb6b3b5836\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/65087\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "970deb4d5aab5db8536b8bdf1063e07f5249eb4d",
      "old_mode": 33188,
      "old_path": "crypto/x509/x509_vfy.c",
      "new_id": "e7345a2a45f65e420638657c04bda779629dee64",
      "new_mode": 33188,
      "new_path": "crypto/x509/x509_vfy.c"
    },
    {
      "type": "modify",
      "old_id": "1791baf52c299df85b135c894301d24fd1f73e89",
      "old_mode": 33188,
      "old_path": "include/openssl/x509.h",
      "new_id": "b0dc7257433a1d7c6c8ec4f293deb7cd7969663c",
      "new_mode": 33188,
      "new_path": "include/openssl/x509.h"
    }
  ]
}