summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libcrypto/x509/x509_verify.c13
1 files changed, 4 insertions, 9 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index 21b391c76c..18d395d273 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_verify.c,v 1.38 2021/07/10 15:52:59 beck Exp $ */ 1/* $OpenBSD: x509_verify.c,v 1.39 2021/07/12 15:12:38 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -829,14 +829,9 @@ x509_verify_validate_constraints(X509 *cert,
829static int 829static int
830x509_verify_cert_extensions(struct x509_verify_ctx *ctx, X509 *cert, int need_ca) 830x509_verify_cert_extensions(struct x509_verify_ctx *ctx, X509 *cert, int need_ca)
831{ 831{
832 if (!(cert->ex_flags & EXFLAG_SET)) { 832 if (!x509_verify_cert_cache_extensions(cert)) {
833 CRYPTO_w_lock(CRYPTO_LOCK_X509); 833 ctx->error = X509_V_ERR_UNSPECIFIED;
834 x509v3_cache_extensions(cert); 834 return 0;
835 CRYPTO_w_unlock(CRYPTO_LOCK_X509);
836 if (cert->ex_flags & EXFLAG_INVALID) {
837 ctx->error = X509_V_ERR_UNSPECIFIED;
838 return 0;
839 }
840 } 835 }
841 836
842 if (ctx->xsc != NULL) 837 if (ctx->xsc != NULL)
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 20:01:54 +0000