path: root/src/lib/libssl/ssl_both.c
authorjsing <>2021-01-05 17:14:46 +0000
committerjsing <>2021-01-05 17:14:46 +0000
commit8e8301ad47bf0a141d94094f633bb082f23966a0 (patch)
tree14ec37dc6236f10143f0da4e09ebccf7dfea8cfb /src/lib/libssl/ssl_both.c
parent6c7a19527207c9facce4fe2c51bab20e5ccf1ceb (diff)
Use legacy verifier when building auto chains.
The new verifier builds all chains, starting with the shortest possible path. It also does not currently return partial chains. Both of these things conflict with auto chain, where we want to build the longest possible chain (to include all intermediates, and probably the root unnecessarily), as well as using an incomplete chain when a trusted chain is not known. Depending on software configuration, we can end up building a chain consisting only of a leaf certificate, rather than a longer chain. This results in auto chain not including intermediates, which is undesirable. For now, switch auto chain building to use the legacy verifier. This should resolve the issues encountered by ajacoutot@ with sendmail. ok tb@
Diffstat (limited to 'src/lib/libssl/ssl_both.c')
-rw-r--r--src/lib/libssl/ssl_both.c4
1 files changed, 3 insertions, 1 deletions
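--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.21 2020/10/14 16:57:33 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.22 2021/01/05 17:14:46 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -408,6 +408,8 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk)
 SSLerror(s, ERR_R_X509_LIB);
 goto err;
 }
+X509_VERIFY_PARAM_set_flags(X509_STORE_CTX_get0_param(xs_ctx),
+X509_V_FLAG_LEGACY_VERIFY);
 X509_verify_cert(xs_ctx);
 ERR_clear_error();
 chain = xs_ctx->chain;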
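Review bot: The two added lines at 411-412 force this store context onto the legacy verifier without saying why in the code, so a later reader who only sees the source may "fix" them back to the default verifier and silently reintroduce the leaf-only chains the commit message describes. Suggest a comment directly above them: `/* Auto chain wants the longest (possibly partial) chain; the new verifier builds the shortest path and does not return partial chains, so use the legacy verifier here. */`. Since this is assembling the chain this side sends rather than verifying a peer, the intentionally ignored X509_verify_cert() result and the ERR_clear_error() that follows are consistent with best-effort chain assembly, and a word to that effect in the same comment would spare the next reviewer the question. ssl3_output_cert_chain() begins and ends outside the hunk.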