Diffstat (limited to 'src/lib/libcrypto/x509/x509_vfy.c')
-rw-r--r--src/lib/libcrypto/x509/x509_vfy.c22
1 files changed, 16 insertions, 6 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 4fdff54124..3ddb2303d3 100644
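--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -436,11 +436,14 @@ static int internal_verify(X509_STORE_CTX *ctx)
 }
 if (X509_verify(xs,pkey) <= 0)
 {
-EVP_PKEY_free(pkey);
 ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
 ctx->current_cert=xs;
 ok=(*cb)(0,ctx);
-if (!ok) goto end;
+if (!ok)
+{
+EVP_PKEY_free(pkey);
+goto end;
+}
 }
 EVP_PKEY_free(pkey);
 pkey=NULL;
@@ -768,18 +771,25 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 if(!purpose) purpose = def_purpose;
 /* If we have a purpose then check it is valid */
 if(purpose) {
+X509_PURPOSE *ptmp;
 idx = X509_PURPOSE_get_by_id(purpose);
 if(idx == -1) {
 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
 X509_R_UNKNOWN_PURPOSE_ID);
 return 0;
 }
-/* If trust not set then get from purpose default */
-if(!trust) {
-X509_PURPOSE *ptmp;
+ptmp = X509_PURPOSE_get0(idx);
+if(ptmp->trust == X509_TRUST_DEFAULT) {
+idx = X509_PURPOSE_get_by_id(def_purpose);
+if(idx == -1) {
+X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+X509_R_UNKNOWN_PURPOSE_ID);
+return 0;
+}
 ptmp = X509_PURPOSE_get0(idx);
-trust = ptmp->trust;
 }
+/* If trust not set then get from purpose default */
+if(!trust) trust = ptmp->trust;
 }
 if(trust) {
 idx = X509_TRUST_get_by_id(trust);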
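Review bot: In the second hunk, the new fallback at new line 783 looks up `def_purpose` whenever the selected purpose carries `X509_TRUST_DEFAULT`, but nothing visible guarantees that `def_purpose` is a valid id; `if(!purpose) purpose = def_purpose;` just above suggests callers may pass a valid `purpose` together with a zero `def_purpose`. In that case the function would return 0 with `X509_R_UNKNOWN_PURPOSE_ID` even though the requested purpose id itself is valid, and a caller that ignores the return value would presumably go on to verify with the context's purpose and trust unchanged. I would at least document the requirement above the new branch, e.g. `/* purpose has no trust setting of its own: inherit it from def_purpose, which must then be a valid id */`, and confirm that every caller checks the result. The function body starts and ends outside the hunk, so the later assignments to ctx are not visible here.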