diff options
| author | tb <> | 2021-02-26 15:19:41 +0000 |
|---|---|---|
| committer | tb <> | 2021-02-26 15:19:41 +0000 |
| commit | f914bd4f3e8d02ef907d70fad806e645f65d1f16 (patch) | |
| tree | 6211eda717576ccbadddd3c8aba98e9f045382e6 /src/lib | |
| parent | 3f045c3f169355d4b8b237f763dafa09fee95f68 (diff) | |
| download | openbsd-f914bd4f3e8d02ef907d70fad806e645f65d1f16.tar.gz openbsd-f914bd4f3e8d02ef907d70fad806e645f65d1f16.tar.bz2 openbsd-f914bd4f3e8d02ef907d70fad806e645f65d1f16.zip | |
Set is_trusted in x509_verify_ctx_add_chain()
If we're about to add a chain we have a trust path, so we have at least
one trusted certificate. This fixes a thinko from r1.31 and fixes the
openssl(1) cms verify test.
ok jsing (who had the same diff)
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_verify.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c index 02db436b1a..f51ea1d868 100644 --- a/src/lib/libcrypto/x509/x509_verify.c +++ b/src/lib/libcrypto/x509/x509_verify.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_verify.c,v 1.33 2021/02/25 16:58:59 jsing Exp $ */ | 1 | /* $OpenBSD: x509_verify.c,v 1.34 2021/02/26 15:19:41 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -269,7 +269,7 @@ x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx, | |||
| 269 | ctx->xsc->error = X509_V_OK; | 269 | ctx->xsc->error = X509_V_OK; |
| 270 | ctx->xsc->error_depth = 0; | 270 | ctx->xsc->error_depth = 0; |
| 271 | 271 | ||
| 272 | if (!x509_verify_ctx_set_xsc_chain(ctx, chain, 0, 0)) | 272 | if (!x509_verify_ctx_set_xsc_chain(ctx, chain, 0, 1)) |
| 273 | return 0; | 273 | return 0; |
| 274 | 274 | ||
| 275 | /* | 275 | /* |