generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix for partial chain notification.

Browse Source 
For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
(cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)
This commit is contained in:
Dr. Stephen Henson 2013-12-13 14:05:32 +00:00
parent 7af31968dd
commit 102302b05b
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/x509/x509_vfy.c
View File

@ -1753,7 +1753,10 @@ static int internal_verify(X509_STORE_CTX *ctx)
else else
{ {
if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0) if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
return check_cert_time(ctx, xi); {
xs = xi;
goto check_cert;
}
if (n <= 0) if (n <= 0)
{ {
ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
@ -1804,6 +1807,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
xs->valid = 1; xs->valid = 1;
check_cert:
ok = check_cert_time(ctx, xs); ok = check_cert_time(ctx, xs);
if (!ok) if (!ok)
goto end; goto end;