CVE-2023-0466

*** Pendiente de traducción *** The function X509_VERIFY_PARAM_add0_policy() is documented to<br /> implicitly enable the certificate policy check when doing certificate<br /> verification. However the implementation of the function does not<br /> enable the check which allows certificates with invalid or incorrect<br /> policies to pass the certificate verification.<br /> <br /> As suddenly enabling the policy check could break existing deployments it was<br /> decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()<br /> function.<br /> <br /> Instead the applications that require OpenSSL to perform certificate<br /> policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly<br /> enable the policy check by calling X509_VERIFY_PARAM_set_flags() with<br /> the X509_V_FLAG_POLICY_CHECK flag argument.<br /> <br /> Certificate policy checks are disabled by default in OpenSSL and are not<br /> commonly used by applications.