The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification.
6.5 Medium
AI Score
Confidence
0.001 Low
EPSS
Percentile
47.3%