)]}'
{
  "commit": "89134daffd70531be70cdfdd14e9d0e00903fd3c",
  "tree": "22777085a3dbfcc3ff101614ba39608dfdd2255e",
  "parents": [
    "db614a5677d90e48cfb2c0f8197f1b5168fceea5"
  ],
  "author": {
    "name": "David Benjamin",
    "email": "davidben@google.com",
    "time": "Sun Feb 18 00:17:50 2024 -0500"
  },
  "committer": {
    "name": "Boringssl LUCI CQ",
    "email": "boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com",
    "time": "Mon Feb 26 22:08:59 2024 +0000"
  },
  "message": "Test X509_verify_cert with CAs that share a name\n\nIn that case, we rely on AKID/SKID matches to disambiguate. However,\nOpenSSL\u0027s internal interfaces are not very good at handling this case\nand often work around their own bugs. As a precursor to, hopefully,\ncleaning that up someday, test this, with both direct adding and\nhash_dir.\n\nI\u0027ve just tested the basic case here. Looking at the code, I think\nthere are bugs where, e.g., if CA1 was added directly and CA2 is only\naccessible via hash_dir, X509_STORE_CTX_get1_issuer does not know to\ncheck hash_dir for CA2, because internal interfaces get in the way.\n\nBug: 685\nChange-Id: I32737661c84d6a006cf9d5ae1ec42b3f27437bf0\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66010\nReviewed-by: Bob Beck \u003cbbe@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: David Benjamin \u003cdavidben@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "8b20ade8305a842a3bb0726b536743aab33f578f",
      "old_mode": 33188,
      "old_path": "crypto/x509/x509_test.cc",
      "new_id": "c4fd0b8aae3d32a6ba8d74f0824532396aa88562",
      "new_mode": 33188,
      "new_path": "crypto/x509/x509_test.cc"
    }
  ]
}