diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_verify.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c index 2ec53f6fc8..e49fbdee48 100644 --- a/src/lib/libcrypto/x509/x509_verify.c +++ b/src/lib/libcrypto/x509/x509_verify.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_verify.c,v 1.48 2021/09/03 08:58:53 beck Exp $ */ | 1 | /* $OpenBSD: x509_verify.c,v 1.49 2021/09/09 15:09:43 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -1205,8 +1205,11 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name) | |||
| 1205 | * verified chain. The callback could still tell us to | 1205 | * verified chain. The callback could still tell us to |
| 1206 | * fail. | 1206 | * fail. |
| 1207 | */ | 1207 | */ |
| 1208 | if(!x509_vfy_callback_indicate_success(ctx->xsc)) | 1208 | if(!x509_vfy_callback_indicate_success(ctx->xsc)) { |
| 1209 | /* The callback can change the error code */ | ||
| 1210 | ctx->error = ctx->xsc->error; | ||
| 1209 | goto err; | 1211 | goto err; |
| 1212 | } | ||
| 1210 | } else { | 1213 | } else { |
| 1211 | /* | 1214 | /* |
| 1212 | * We had a failure, indicate the failure, but | 1215 | * We had a failure, indicate the failure, but |