From aed0a5deca305a997de3f6234733204b383f094f Mon Sep 17 00:00:00 2001 From: jsing <> Date: Thu, 25 Feb 2021 16:58:59 +0000 Subject: Rename depth to num_untrusted so it identifies what it actually represents. ok tb@ --- src/lib/libcrypto/x509/x509_verify.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c index 62cbb7cef8..02db436b1a 100644 --- a/src/lib/libcrypto/x509/x509_verify.c +++ b/src/lib/libcrypto/x509/x509_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.c,v 1.32 2021/02/25 16:57:10 jsing Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.33 2021/02/25 16:58:59 jsing Exp $ */ /* * Copyright (c) 2020-2021 Bob Beck * @@ -197,22 +197,22 @@ static int x509_verify_ctx_set_xsc_chain(struct x509_verify_ctx *ctx, struct x509_verify_chain *chain, int set_error, int is_trusted) { - size_t depth; + size_t num_untrusted; int i; if (ctx->xsc == NULL) return 1; - depth = sk_X509_num(chain->certs); - if (is_trusted && depth > 0) - depth--; /* * XXX last_untrusted is actually the number of untrusted certs at the * bottom of the chain. This works now since we stop at the first * trusted cert. This will need fixing once we allow more than one * trusted certificate. */ - ctx->xsc->last_untrusted = depth; + num_untrusted = sk_X509_num(chain->certs); + if (is_trusted && num_untrusted > 0) + num_untrusted--; + ctx->xsc->last_untrusted = num_untrusted; sk_X509_pop_free(ctx->xsc->chain, X509_free); ctx->xsc->chain = X509_chain_up_ref(chain->certs); -- cgit v1.2.3-55-g6feb