1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index b9ba2bee3c..4698d2f8b7 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.51 2021/11/04 23:52:34 beck Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.52 2021/11/07 15:51:23 tb Exp $ */
 /*
 * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
 *
@@ -296,7 +296,7 @@ x509_verify_ctx_set_xsc_chain(struct x509_verify_ctx *ctx,
                return 1;
        /*
-         * XXX last_untrusted is actually the number of untrusted certs at the
+         * XXX num_untrusted is the number of untrusted certs at the
         * bottom of the chain. This works now since we stop at the first
         * trusted cert. This will need fixing once we allow more than one
         * trusted certificate.
@@ -304,7 +304,7 @@ x509_verify_ctx_set_xsc_chain(struct x509_verify_ctx *ctx,
        num_untrusted = sk_X509_num(chain->certs);
        if (is_trusted && num_untrusted > 0)
                num_untrusted--;
-        ctx->xsc->last_untrusted = num_untrusted;
+        ctx->xsc->num_untrusted = num_untrusted;
        sk_X509_pop_free(ctx->xsc->chain, X509_free);
        ctx->xsc->chain = X509_chain_up_ref(chain->certs);

diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c index b9ba2bee3c..4698d2f8b7 100644 --- a/src/lib/libcrypto/x509/x509_verify.c +++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_verify.c,v 1.51 2021/11/04 23:52:34 beck Exp $ */	1	/* $OpenBSD: x509_verify.c,v 1.52 2021/11/07 15:51:23 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -296,7 +296,7 @@ x509_verify_ctx_set_xsc_chain(struct x509_verify_ctx *ctx,
296	return 1;	296	return 1;
297		297
298	/*	298	/*
299	* XXX last_untrusted is actually the number of untrusted certs at the	299	* XXX num_untrusted is the number of untrusted certs at the
300	* bottom of the chain. This works now since we stop at the first	300	* bottom of the chain. This works now since we stop at the first
301	* trusted cert. This will need fixing once we allow more than one	301	* trusted cert. This will need fixing once we allow more than one
302	* trusted certificate.	302	* trusted certificate.
@@ -304,7 +304,7 @@ x509_verify_ctx_set_xsc_chain(struct x509_verify_ctx *ctx,
304	num_untrusted = sk_X509_num(chain->certs);	304	num_untrusted = sk_X509_num(chain->certs);
305	if (is_trusted && num_untrusted > 0)	305	if (is_trusted && num_untrusted > 0)
306	num_untrusted--;	306	num_untrusted--;
307	ctx->xsc->last_untrusted = num_untrusted;	307	ctx->xsc->num_untrusted = num_untrusted;
308		308
309	sk_X509_pop_free(ctx->xsc->chain, X509_free);	309	sk_X509_pop_free(ctx->xsc->chain, X509_free);
310	ctx->xsc->chain = X509_chain_up_ref(chain->certs);	310	ctx->xsc->chain = X509_chain_up_ref(chain->certs);