generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

If not checking all certificates don't attempt to find a CRL

Browse Source 
for the leaf certificate of a CRL path.
This commit is contained in:
Dr. Stephen Henson 2009-10-23 12:05:54 +00:00
parent d1d746afb4
commit 0c2c2e71a6
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/x509/x509_vfy.c
View File

@ -679,7 +679,12 @@ static int check_revocation(X509_STORE_CTX *ctx)
if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
last = sk_X509_num(ctx->chain) - 1; last = sk_X509_num(ctx->chain) - 1;
else else
{
/* If checking CRL paths this isn't the EE certificate */
if (ctx->parent)
return 1;
last = 0; last = 0;
}
for(i = 0; i <= last; i++) for(i = 0; i <= last; i++)
{ {
ctx->error_depth = i; ctx->error_depth = i;