BUG/MINOR: ssl: we may only ignore the first 64 errors
We have the ability per bind option to ignore certain errors (CA, crt, ...),
and for this we use a 64-bit field. In issue #479 coverity reports a risk of
too large a left shift. For now as of OpenSSL 1.1.1 the highest error value
that may be reported by X509_STORE_CTX_get_error() seems to be around 50 so
there should be no risk yet, but it's enough of a warning to add a check so
that we don't accidently hide random errors in the future.
This may be backported to relevant stable branches.
(cherry picked from commit 731248f0dbba03688e433789790f65580a472151)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 3017d288dfd42e632e1c18575c356ec4ae5e297d)
Signed-off-by: Willy Tarreau <w@1wt.eu>
1 file changed