import 0.9.7c

author: markus <> 2003-11-11 21:21:30 +0000
committer: markus <> 2003-11-11 21:21:30 +0000
commit: 9c1aa44a1eacea897c0432e796b205b8484ff4d2 (patch)
tree: 5dcca7a2baa0fb63d6886729918ea26b68578561 /src/lib/libcrypto/x509
parent: 1c98a87f0daac81245653c227eb2f2508a22a965 (diff)
download: openbsd-9c1aa44a1eacea897c0432e796b205b8484ff4d2.tar.gz
openbsd-9c1aa44a1eacea897c0432e796b205b8484ff4d2.tar.bz2
openbsd-9c1aa44a1eacea897c0432e796b205b8484ff4d2.zip
3 files changed, 7 insertions, 5 deletions
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index 17d69ac005..881252608d 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -82,6 +82,7 @@ static X509_TRUST trstandard[] = {
 {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
 {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
 {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
 {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
 {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
 };
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 552d1e7251..2bb21b443e 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx)
        if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
                return 1;
        if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
-                last = 0;
-        else
                last = sk_X509_num(ctx->chain) - 1;
+        else
+                last = 0;
        for(i = 0; i <= last; i++)
                {
                ctx->error_depth = i;
@@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
                                ok=(*cb)(0,ctx);
                                if (!ok) goto end;
                                }
-                        if (X509_verify(xs,pkey) <= 0)
+                        else if (X509_verify(xs,pkey) <= 0)
                                /* XXX  For the final trusted self-signed cert,
                                 * this is a waste of time.  That check should
                                 * optional so that e.g. 'openssl x509' can be
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
index 8e78b34458..f78c2a6b43 100644
--- a/src/lib/libcrypto/x509/x509type.c
+++ b/src/lib/libcrypto/x509/x509type.c
@@ -99,14 +99,15 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
        case EVP_PKEY_RSA:
                ret|=EVP_PKS_RSA;
                break;
-        case EVP_PKS_DSA:
+        case EVP_PKEY_DSA:
                ret|=EVP_PKS_DSA;
                break;
        default:
                break;
                }
-        if (EVP_PKEY_size(pk) <= 512)
+        if (EVP_PKEY_size(pk) <= 512/8) /* /8 because it's 512 bits we look
+                                           for, not bytes */
                ret|=EVP_PKT_EXP;
        if(pkey==NULL) EVP_PKEY_free(pk);
        return(ret);
author	markus <>	2003-11-11 21:21:30 +0000
committer	markus <>	2003-11-11 21:21:30 +0000
commit	9c1aa44a1eacea897c0432e796b205b8484ff4d2 (patch)
tree	5dcca7a2baa0fb63d6886729918ea26b68578561 /src/lib/libcrypto/x509
parent	1c98a87f0daac81245653c227eb2f2508a22a965 (diff)
download	openbsd-9c1aa44a1eacea897c0432e796b205b8484ff4d2.tar.gz openbsd-9c1aa44a1eacea897c0432e796b205b8484ff4d2.tar.bz2 openbsd-9c1aa44a1eacea897c0432e796b205b8484ff4d2.zip