generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Policy validation fixes.

Browse Source 
Inhibit any policy count should ignore self issued certificates.
Require explicit policy is the number certificate before an explict policy
is required.
This commit is contained in:
Dr. Stephen Henson 2008-07-30 15:41:42 +00:00
parent 6bcbac0abb
commit 592a207b94
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
crypto/x509v3/pcy_tree.c
View File

@ -134,7 +134,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
if (!(x->ex_flags & EXFLAG_SI) if (!(x->ex_flags & EXFLAG_SI)
&& (cache->explicit_skip != -1) && (cache->explicit_skip != -1)
&& (cache->explicit_skip < explicit_policy)) && (cache->explicit_skip < explicit_policy))
explicit_policy = cache->explicit_skip; explicit_policy = cache->explicit_skip + 1;
} }
} }
@ -202,6 +202,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
} }
else else
{ {
if (!(x->ex_flags & EXFLAG_SI))
any_skip--; any_skip--;
if ((cache->any_skip >= 0) if ((cache->any_skip >= 0)
&& (cache->any_skip < any_skip)) && (cache->any_skip < any_skip))