summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/x509/x509_trs.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index 72d616a106..a967edf933 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_trs.c,v 1.25 2021/11/01 20:53:08 tb Exp $ */ 1/* $OpenBSD: x509_trs.c,v 1.26 2022/11/10 16:52:19 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999. 3 * project 1999.
4 */ 4 */
@@ -322,7 +322,7 @@ static int
322obj_trust(int id, X509 *x, int flags) 322obj_trust(int id, X509 *x, int flags)
323{ 323{
324 ASN1_OBJECT *obj; 324 ASN1_OBJECT *obj;
325 int i; 325 int i, nid;
326 X509_CERT_AUX *ax; 326 X509_CERT_AUX *ax;
327 327
328 ax = x->aux; 328 ax = x->aux;
@@ -331,14 +331,16 @@ obj_trust(int id, X509 *x, int flags)
331 if (ax->reject) { 331 if (ax->reject) {
332 for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { 332 for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
333 obj = sk_ASN1_OBJECT_value(ax->reject, i); 333 obj = sk_ASN1_OBJECT_value(ax->reject, i);
334 if (OBJ_obj2nid(obj) == id) 334 nid = OBJ_obj2nid(obj);
335 if (nid == id || nid == NID_anyExtendedKeyUsage)
335 return X509_TRUST_REJECTED; 336 return X509_TRUST_REJECTED;
336 } 337 }
337 } 338 }
338 if (ax->trust) { 339 if (ax->trust) {
339 for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { 340 for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
340 obj = sk_ASN1_OBJECT_value(ax->trust, i); 341 obj = sk_ASN1_OBJECT_value(ax->trust, i);
341 if (OBJ_obj2nid(obj) == id) 342 nid = OBJ_obj2nid(obj);
343 if (nid == id || nid == NID_anyExtendedKeyUsage)
342 return X509_TRUST_TRUSTED; 344 return X509_TRUST_TRUSTED;
343 } 345 }
344 } 346 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 13:49:40 +0000