summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_verify.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/x509/x509_verify.c')
-rw-r--r--src/lib/libcrypto/x509/x509_verify.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index f6959d1f3a..83030672ef 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_verify.c,v 1.56 2022/06/25 20:01:43 beck Exp $ */ 1/* $OpenBSD: x509_verify.c,v 1.57 2022/06/27 14:10:22 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -415,6 +415,9 @@ x509_verify_ctx_validate_legacy_chain(struct x509_verify_ctx *ctx,
415 goto err; 415 goto err;
416#endif 416#endif
417 417
418 if (!x509_vfy_check_security_level(ctx->xsc))
419 goto err;
420
418 if (!x509_constraints_chain(ctx->xsc->chain, 421 if (!x509_constraints_chain(ctx->xsc->chain,
419 &ctx->xsc->error, &ctx->xsc->error_depth)) { 422 &ctx->xsc->error, &ctx->xsc->error_depth)) {
420 X509 *cert = sk_X509_value(ctx->xsc->chain, depth); 423 X509 *cert = sk_X509_value(ctx->xsc->chain, depth);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 21:12:15 +0000