summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/src/crypto/x509v3/pcy_tree.c')
-rw-r--r--src/lib/libssl/src/crypto/x509v3/pcy_tree.c18
1 files changed, 10 insertions, 8 deletions
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
index 4fda1d419a..b1ce77b9af 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
@@ -130,9 +130,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
130 ret = 2; 130 ret = 2;
131 if (explicit_policy > 0) 131 if (explicit_policy > 0)
132 { 132 {
133 explicit_policy--; 133 if (!(x->ex_flags & EXFLAG_SI))
134 if (!(x->ex_flags & EXFLAG_SS) 134 explicit_policy--;
135 && (cache->explicit_skip != -1) 135 if ((cache->explicit_skip != -1)
136 && (cache->explicit_skip < explicit_policy)) 136 && (cache->explicit_skip < explicit_policy))
137 explicit_policy = cache->explicit_skip; 137 explicit_policy = cache->explicit_skip;
138 } 138 }
@@ -197,13 +197,14 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
197 /* Any matching allowed if certificate is self 197 /* Any matching allowed if certificate is self
198 * issued and not the last in the chain. 198 * issued and not the last in the chain.
199 */ 199 */
200 if (!(x->ex_flags & EXFLAG_SS) || (i == 0)) 200 if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
201 level->flags |= X509_V_FLAG_INHIBIT_ANY; 201 level->flags |= X509_V_FLAG_INHIBIT_ANY;
202 } 202 }
203 else 203 else
204 { 204 {
205 any_skip--; 205 if (!(x->ex_flags & EXFLAG_SI))
206 if ((cache->any_skip > 0) 206 any_skip--;
207 if ((cache->any_skip >= 0)
207 && (cache->any_skip < any_skip)) 208 && (cache->any_skip < any_skip))
208 any_skip = cache->any_skip; 209 any_skip = cache->any_skip;
209 } 210 }
@@ -213,7 +214,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
213 else 214 else
214 { 215 {
215 map_skip--; 216 map_skip--;
216 if ((cache->map_skip > 0) 217 if ((cache->map_skip >= 0)
217 && (cache->map_skip < map_skip)) 218 && (cache->map_skip < map_skip))
218 map_skip = cache->map_skip; 219 map_skip = cache->map_skip;
219 } 220 }
@@ -310,7 +311,8 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
310 311
311 if (data == NULL) 312 if (data == NULL)
312 return 0; 313 return 0;
313 data->qualifier_set = curr->anyPolicy->data->qualifier_set; 314 /* Curr may not have anyPolicy */
315 data->qualifier_set = cache->anyPolicy->qualifier_set;
314 data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; 316 data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
315 if (!level_add_node(curr, data, node, tree)) 317 if (!level_add_node(curr, data, node, tree))
316 { 318 {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 23:28:43 +0000