summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/x509/x509_verify.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index e85c3a64d6..5891bd8df3 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_verify.c,v 1.61 2022/10/17 18:56:54 jsing Exp $ */ 1/* $OpenBSD: x509_verify.c,v 1.62 2023/01/17 23:49:28 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -447,7 +447,8 @@ x509_verify_ctx_validate_legacy_chain(struct x509_verify_ctx *ctx,
447 if (!x509_vfy_check_revocation(ctx->xsc)) 447 if (!x509_vfy_check_revocation(ctx->xsc))
448 goto err; 448 goto err;
449 449
450 if (!x509_vfy_check_policy(ctx->xsc)) 450 if (ctx->xsc->param->flags & X509_V_FLAG_POLICY_CHECK &&
451 !x509_vfy_check_policy(ctx->xsc))
451 goto err; 452 goto err;
452 453
453 ret = 1; 454 ret = 1;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 17:33:18 +0000