From ff0bc86021a7983c9dcdeff4d8c77b1d712aa2ea Mon Sep 17 00:00:00 2001
From: Johanna Amann
Date: Wed, 17 Nov 2021 17:21:21 +0000
Subject: [PATCH] OpenSSL 3: normalize self-signed-cert error message

The message changed between OpenSSL 1.1 and 3.0 - we just use the old one to not mess up the external test baselines.
---
 src/file_analysis/analyzer/x509/functions.bif | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/file_analysis/analyzer/x509/functions.bif b/src/file_analysis/analyzer/x509/functions.bif
index 2a41969e21..d288cb2147 100644
--- a/src/file_analysis/analyzer/x509/functions.bif
+++ b/src/file_analysis/analyzer/x509/functions.bif
@@ -628,7 +628,12 @@ function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_str
 x509_verify_chainerror:
- auto rrecord = x509_result_record(X509_STORE_CTX_get_error(csc), X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc)), std::move(chainVector));
+ auto error_string = X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc));
+ // this string representation changed between OpenSSL 1 and 3 and messes up our test baselines.
+ if ( X509_STORE_CTX_get_error(csc) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT )
+ error_string = "self signed certificate";
+
+ auto rrecord = x509_result_record(X509_STORE_CTX_get_error(csc), error_string, std::move(chainVector));
 X509_STORE_CTX_cleanup(csc);
 X509_STORE_CTX_free(csc);
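Review bot: The override in the `x509_verify_chainerror` path pins the text for `X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT` only, so any other verification string reworded between OpenSSL 1.1 and 3.0 still reaches scripts and logs in a build-dependent form; `X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN` appears to have received the same hyphenation change and is worth checking. Detection rules or log consumers that compare the result string would then behave differently depending on the linked OpenSSL, so the comment should say that the numeric code passed as the first argument of `x509_result_record` is the stable identifier, e.g. `// Keep the OpenSSL 1.1 wording; consumers should match on the numeric code, the text varies by OpenSSL version.` It would also read better to fetch the code once, `const int err = X509_STORE_CTX_get_error(csc);`, and use `err` in the comparison and in both calls. The enclosing function starts and ends outside the hunk.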