summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/x509/x509_verify.c16
1 files changed, 7 insertions, 9 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index 53a06b193b..0c32cd04b7 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_verify.c,v 1.12 2020/09/23 18:20:16 jsing Exp $ */ 1/* $OpenBSD: x509_verify.c,v 1.13 2020/09/26 15:44:06 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4 * 4 *
@@ -862,15 +862,7 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name)
862 return 0; 862 return 0;
863 } 863 }
864 leaf = ctx->xsc->cert; 864 leaf = ctx->xsc->cert;
865 }
866
867 if (!x509_verify_cert_valid(ctx, leaf, NULL))
868 return 0;
869
870 if (!x509_verify_cert_hostname(ctx, leaf, name))
871 return 0;
872 865
873 if (ctx->xsc != NULL) {
874 /* 866 /*
875 * XXX 867 * XXX
876 * The legacy code expects the top level cert to be 868 * The legacy code expects the top level cert to be
@@ -895,6 +887,12 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name)
895 ctx->xsc->current_cert = leaf; 887 ctx->xsc->current_cert = leaf;
896 } 888 }
897 889
890 if (!x509_verify_cert_valid(ctx, leaf, NULL))
891 return 0;
892
893 if (!x509_verify_cert_hostname(ctx, leaf, name))
894 return 0;
895
898 if ((current_chain = x509_verify_chain_new()) == NULL) { 896 if ((current_chain = x509_verify_chain_new()) == NULL) {
899 ctx->error = X509_V_ERR_OUT_OF_MEM; 897 ctx->error = X509_V_ERR_OUT_OF_MEM;
900 return 0; 898 return 0;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-22 06:46:29 +0000