diff options
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/src/crypto/x509v3/pcy_tree.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c index 4fda1d419a..6c87a7f506 100644 --- a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c +++ b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | /* pcy_tree.c */ | 1 | /* pcy_tree.c */ |
| 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2004. | 3 | * project 2004. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| @@ -130,9 +130,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, | |||
| 130 | ret = 2; | 130 | ret = 2; |
| 131 | if (explicit_policy > 0) | 131 | if (explicit_policy > 0) |
| 132 | { | 132 | { |
| 133 | explicit_policy--; | 133 | if (!(x->ex_flags & EXFLAG_SI)) |
| 134 | if (!(x->ex_flags & EXFLAG_SS) | 134 | explicit_policy--; |
| 135 | && (cache->explicit_skip != -1) | 135 | if ((cache->explicit_skip != -1) |
| 136 | && (cache->explicit_skip < explicit_policy)) | 136 | && (cache->explicit_skip < explicit_policy)) |
| 137 | explicit_policy = cache->explicit_skip; | 137 | explicit_policy = cache->explicit_skip; |
| 138 | } | 138 | } |
| @@ -197,13 +197,14 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, | |||
| 197 | /* Any matching allowed if certificate is self | 197 | /* Any matching allowed if certificate is self |
| 198 | * issued and not the last in the chain. | 198 | * issued and not the last in the chain. |
| 199 | */ | 199 | */ |
| 200 | if (!(x->ex_flags & EXFLAG_SS) || (i == 0)) | 200 | if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) |
| 201 | level->flags |= X509_V_FLAG_INHIBIT_ANY; | 201 | level->flags |= X509_V_FLAG_INHIBIT_ANY; |
| 202 | } | 202 | } |
| 203 | else | 203 | else |
| 204 | { | 204 | { |
| 205 | any_skip--; | 205 | if (!(x->ex_flags & EXFLAG_SI)) |
| 206 | if ((cache->any_skip > 0) | 206 | any_skip--; |
| 207 | if ((cache->any_skip >= 0) | ||
| 207 | && (cache->any_skip < any_skip)) | 208 | && (cache->any_skip < any_skip)) |
| 208 | any_skip = cache->any_skip; | 209 | any_skip = cache->any_skip; |
| 209 | } | 210 | } |
| @@ -213,7 +214,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, | |||
| 213 | else | 214 | else |
| 214 | { | 215 | { |
| 215 | map_skip--; | 216 | map_skip--; |
| 216 | if ((cache->map_skip > 0) | 217 | if ((cache->map_skip >= 0) |
| 217 | && (cache->map_skip < map_skip)) | 218 | && (cache->map_skip < map_skip)) |
| 218 | map_skip = cache->map_skip; | 219 | map_skip = cache->map_skip; |
| 219 | } | 220 | } |
| @@ -310,7 +311,8 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, | |||
| 310 | 311 | ||
| 311 | if (data == NULL) | 312 | if (data == NULL) |
| 312 | return 0; | 313 | return 0; |
| 313 | data->qualifier_set = curr->anyPolicy->data->qualifier_set; | 314 | /* Curr may not have anyPolicy */ |
| 315 | data->qualifier_set = cache->anyPolicy->qualifier_set; | ||
| 314 | data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; | 316 | data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; |
| 315 | if (!level_add_node(curr, data, node, tree)) | 317 | if (!level_add_node(curr, data, node, tree)) |
| 316 | { | 318 | { |