In X509_STORE_get1_issuer() do not call the verify callback from

x509_check_cert_time(). Matches a change made in OpenSSL 70dd3c65. ok jsing
author: tb <> 2021-11-06 12:27:05 +0000
committer: tb <> 2021-11-06 12:27:05 +0000
commit: f7a941809fd72aa44a2d525fb2e61ee97b2b3d7c (patch)
tree: 7eb1d3ffab48920e806fbcbd4f01c0152a26214e /src/lib
parent: d71c73bdc56485d40d873999ea40de0928476155 (diff)
download: openbsd-f7a941809fd72aa44a2d525fb2e61ee97b2b3d7c.tar.gz
openbsd-f7a941809fd72aa44a2d525fb2e61ee97b2b3d7c.tar.bz2
openbsd-f7a941809fd72aa44a2d525fb2e61ee97b2b3d7c.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index 1a8c079fde..c47e8f9dd1 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.49 2021/11/06 07:18:18 tb Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.50 2021/11/06 12:27:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -697,7 +697,7 @@ X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
                return 0;
        /* If certificate matches all OK */
        if (ctx->check_issued(ctx, x, obj.data.x509)) {
-                if (x509_check_cert_time(ctx, obj.data.x509, 1)) {
+                if (x509_check_cert_time(ctx, obj.data.x509, -1)) {
                        *issuer = obj.data.x509;
                        return 1;
                }
@@ -730,7 +730,7 @@ X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
                                 * match in issuer so we return nearest
                                 * match if no certificate time is OK.
                                 */
-                                if (x509_check_cert_time(ctx, *issuer, 1))
+                                if (x509_check_cert_time(ctx, *issuer, -1))
                                        break;
                        }
                }
author	tb <>	2021-11-06 12:27:05 +0000
committer	tb <>	2021-11-06 12:27:05 +0000
commit	f7a941809fd72aa44a2d525fb2e61ee97b2b3d7c (patch)
tree	7eb1d3ffab48920e806fbcbd4f01c0152a26214e /src/lib
parent	d71c73bdc56485d40d873999ea40de0928476155 (diff)
download	openbsd-f7a941809fd72aa44a2d525fb2e61ee97b2b3d7c.tar.gz openbsd-f7a941809fd72aa44a2d525fb2e61ee97b2b3d7c.tar.bz2 openbsd-f7a941809fd72aa44a2d525fb2e61ee97b2b3d7c.zip

diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c index 1a8c079fde..c47e8f9dd1 100644 --- a/src/lib/libcrypto/x509/x509_lu.c +++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_lu.c,v 1.49 2021/11/06 07:18:18 tb Exp $ */	1	/* $OpenBSD: x509_lu.c,v 1.50 2021/11/06 12:27:05 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -697,7 +697,7 @@ X509_STORE_CTX_get1_issuer(X509 *issuer, X509_STORE_CTX ctx, X509 *x)
697	return 0;	697	return 0;
698	/* If certificate matches all OK */	698	/* If certificate matches all OK */
699	if (ctx->check_issued(ctx, x, obj.data.x509)) {	699	if (ctx->check_issued(ctx, x, obj.data.x509)) {
700	if (x509_check_cert_time(ctx, obj.data.x509, 1)) {	700	if (x509_check_cert_time(ctx, obj.data.x509, -1)) {
701	*issuer = obj.data.x509;	701	*issuer = obj.data.x509;
702	return 1;	702	return 1;
703	}	703	}
@@ -730,7 +730,7 @@ X509_STORE_CTX_get1_issuer(X509 *issuer, X509_STORE_CTX ctx, X509 *x)
730	* match in issuer so we return nearest	730	* match in issuer so we return nearest
731	* match if no certificate time is OK.	731	* match if no certificate time is OK.
732	*/	732	*/
733	if (x509_check_cert_time(ctx, *issuer, 1))	733	if (x509_check_cert_time(ctx, *issuer, -1))
734	break;	734	break;
735	}	735	}
736	}	736	}