CVE-2023-0465: Applications that use a non-default option when verifying certificates may be vulnerable to an...

CVSS Score
5.3 (CVSS 3.1)

Basic Information

EPSS Score
0.55943%
Published
3/28/2023
Updated
2/18/2025
KEV Status
No
Technology
-

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability allows bypassing certificate policy checks when policy processing is enabled and a leaf certificate contains an invalid policy. I could not fetch commit details using the get_commit_infos tool due to the gitweb URL format. However, by manually inspecting the gitweb commit diff URLs provided in the vulnerability details, I identified that the patches primarily modify the static functions check_leaf_certs and check_policy within crypto/x509/x509_vfy.c. These functions are responsible for the actual policy checking logic. The changes involve adding or correcting the handling of EXFLAG_INVALID_POLICY and refining logic related to explicit policy requirements, directly addressing the described flaw where invalid policies were ignored and checks skipped. The OpenSSL advisory and vulnerability description also highlight X509_verify_cert() as the high-level function whose call incorrectly succeeds and X509_VERIFY_PARAM_set1_policies() as the function that enables the vulnerable policy checking mode. Therefore, check_leaf_certs and check_policy are identified as containing the core vulnerability, while X509_verify_cert is a runtime indicator of the exploitation, and X509_VERIFY_PARAM_set1_policies enables the vulnerable pathway.


WAF Protection Rules

WAF Rule

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certifi
