diff options
| author | tb <> | 2021-11-24 19:33:24 +0000 |
|---|---|---|
| committer | tb <> | 2021-11-24 19:33:24 +0000 |
| commit | bbc388471898c4f5853fe77c57c8e54f37b1739a (patch) | |
| tree | 32a405ce7b71132d2ab3a48b7ecb8ab2957ceeaf /src | |
| parent | f37b861ecc55322280d6530d61f584aa38ecb624 (diff) | |
| download | openbsd-bbc388471898c4f5853fe77c57c8e54f37b1739a.tar.gz openbsd-bbc388471898c4f5853fe77c57c8e54f37b1739a.tar.bz2 openbsd-bbc388471898c4f5853fe77c57c8e54f37b1739a.zip | |
Fix OCSP_basic_verify() cert chain construction in case the
OCSP_BASICRESP bs contains no certificates.
From David von Oheimb (OpenSSL 121738d1)
ok beck
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_vfy.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c index 0ba906efb1..f3b41032d8 100644 --- a/src/lib/libcrypto/ocsp/ocsp_vfy.c +++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ocsp_vfy.c,v 1.18 2021/11/24 19:29:19 tb Exp $ */ | 1 | /* $OpenBSD: ocsp_vfy.c,v 1.19 2021/11/24 19:33:24 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| @@ -119,8 +119,11 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, | |||
| 119 | goto end; | 119 | goto end; |
| 120 | } | 120 | } |
| 121 | } | 121 | } |
| 122 | } else | 122 | } else if (certs != NULL) { |
| 123 | untrusted = certs; | ||
| 124 | } else { | ||
| 123 | untrusted = bs->certs; | 125 | untrusted = bs->certs; |
| 126 | } | ||
| 124 | init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); | 127 | init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); |
| 125 | if (!init_res) { | 128 | if (!init_res) { |
| 126 | ret = -1; | 129 | ret = -1; |