diff options
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_verify.c | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c index 51108bbe72..39371ef038 100644 --- a/src/lib/libcrypto/x509/x509_verify.c +++ b/src/lib/libcrypto/x509/x509_verify.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_verify.c,v 1.46 2021/08/30 06:51:36 beck Exp $ */ | 1 | /* $OpenBSD: x509_verify.c,v 1.47 2021/08/30 08:59:33 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -132,11 +132,8 @@ x509_verify_chain_append(struct x509_verify_chain *chain, X509 *cert, | |||
| 132 | * We've just added the issuer for the previous certificate, | 132 | * We've just added the issuer for the previous certificate, |
| 133 | * clear its error if appropriate. | 133 | * clear its error if appropriate. |
| 134 | */ | 134 | */ |
| 135 | if (idx > 1 && | 135 | if (idx > 1 && chain->cert_errors[idx - 1] == |
| 136 | (chain->cert_errors[idx - 1] == | 136 | X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) |
| 137 | X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY || | ||
| 138 | chain->cert_errors[idx - 1] == | ||
| 139 | X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) | ||
| 140 | chain->cert_errors[idx - 1] = X509_V_OK; | 137 | chain->cert_errors[idx - 1] = X509_V_OK; |
| 141 | 138 | ||
| 142 | return 1; | 139 | return 1; |
| @@ -409,9 +406,7 @@ x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx, | |||
| 409 | 406 | ||
| 410 | /* Clear a get issuer failure for a root certificate. */ | 407 | /* Clear a get issuer failure for a root certificate. */ |
| 411 | if (chain->cert_errors[depth] == | 408 | if (chain->cert_errors[depth] == |
| 412 | X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY || | 409 | X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) |
| 413 | chain->cert_errors[depth] == | ||
| 414 | X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE) | ||
| 415 | chain->cert_errors[depth] = X509_V_OK; | 410 | chain->cert_errors[depth] = X509_V_OK; |
| 416 | 411 | ||
| 417 | if (!x509_verify_ctx_validate_legacy_chain(ctx, chain, depth)) | 412 | if (!x509_verify_ctx_validate_legacy_chain(ctx, chain, depth)) |
| @@ -601,8 +596,7 @@ x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, | |||
| 601 | return; | 596 | return; |
| 602 | 597 | ||
| 603 | count = ctx->chains_count; | 598 | count = ctx->chains_count; |
| 604 | ctx->error = depth == 0 ? X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE : | 599 | ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; |
| 605 | X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; | ||
| 606 | ctx->error_depth = depth; | 600 | ctx->error_depth = depth; |
| 607 | if (ctx->xsc != NULL) { | 601 | if (ctx->xsc != NULL) { |
| 608 | /* | 602 | /* |