diff options
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_verify.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c index b19b5373c5..d343706ea1 100644 --- a/src/lib/libcrypto/x509/x509_verify.c +++ b/src/lib/libcrypto/x509/x509_verify.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_verify.c,v 1.28 2021/01/08 03:23:56 beck Exp $ */ | 1 | /* $OpenBSD: x509_verify.c,v 1.29 2021/01/09 03:01:03 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -470,6 +470,14 @@ x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, | |||
| 470 | X509 *candidate; | 470 | X509 *candidate; |
| 471 | int i, depth, count, ret; | 471 | int i, depth, count, ret; |
| 472 | 472 | ||
| 473 | /* | ||
| 474 | * If we are finding chains with an xsc, just stop after we have | ||
| 475 | * one chain, there's no point in finding more, it just exercises | ||
| 476 | * the potentially buggy callback processing in the calling software. | ||
| 477 | */ | ||
| 478 | if (ctx->xsc != NULL && ctx->chains_count > 0) | ||
| 479 | return; | ||
| 480 | |||
| 473 | depth = sk_X509_num(current_chain->certs); | 481 | depth = sk_X509_num(current_chain->certs); |
| 474 | if (depth > 0) | 482 | if (depth > 0) |
| 475 | depth--; | 483 | depth--; |