2 files changed, 17 insertions, 7 deletions
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
index 511b49d589..98460e8921 100644
--- a/src/lib/libcrypto/x509/x509_att.c
+++ b/src/lib/libcrypto/x509/x509_att.c
@@ -245,7 +245,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
                goto err;
        if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
                goto err;
-        
        if ((attr != NULL) && (*attr == NULL)) *attr=ret;
        return(ret);
 err:
@@ -302,8 +302,15 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat
                atype = attrtype;
        }
        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+        attr->single = 0;
+        /* This is a bit naughty because the attribute should really have
+         * at least one value but some types use and zero length SET and
+         * require this.
+         */
+        if (attrtype == 0)
+                return 1;
        if(!(ttmp = ASN1_TYPE_new())) goto err;
-        if (len == -1)
+        if ((len == -1) && !(attrtype & MBSTRING_FLAG))
                {
                if (!ASN1_TYPE_set1(ttmp, attrtype, data))
                        goto err;
@@ -311,7 +318,6 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat
        else
                ASN1_TYPE_set(ttmp, atype, stmp);
        if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
-        attr->single = 0;
        return 1;
        err:
        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 9a62ebcf67..336c40ddd7 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -394,7 +394,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 #ifdef OPENSSL_NO_CHAIN_VERIFY
        return 1;
 #else
-        int i, ok=0, must_be_ca;
+        int i, ok=0, must_be_ca, plen = 0;
        X509 *x;
        int (*cb)(int xok,X509_STORE_CTX *xctx);
        int proxy_path_length = 0;
@@ -495,9 +495,10 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                                if (!ok) goto end;
                                }
                        }
-                /* Check pathlen */
+                /* Check pathlen if not self issued */
-                if ((i > 1) && (x->ex_pathlen != -1)
+                if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
-                           && (i > (x->ex_pathlen + proxy_path_length + 1)))
+                           && (x->ex_pathlen != -1)
+                           && (plen > (x->ex_pathlen + proxy_path_length + 1)))
                        {
                        ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
                        ctx->error_depth = i;
@@ -505,6 +506,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                        ok=cb(0,ctx);
                        if (!ok) goto end;
                        }
+                /* Increment path length if not self issued */
+                if (!(x->ex_flags & EXFLAG_SI))
+                        plen++;
                /* If this certificate is a proxy certificate, the next
                   certificate must be another proxy certificate or a EE
                   certificate.  If not, the next certificate must be a