From 83b76ed417b8b5f76bcd75ebddd3441a55c890ce Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 28 Apr 2021 17:53:34 +0000
Subject: Revert "Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in new
 verifier." (r1.27). While this may have "fixed" one corner case, it broke
 expectations of Perl Net::SSLeay and Ruby OpenSSL regression tests.

ok bcook
---
 src/lib/libcrypto/x509/x509_verify.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'src/lib/libcrypto')

diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index 9c34e31ee3..57c52aa240 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.36 2021/03/13 23:01:49 tobhe Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.37 2021/04/28 17:53:34 tb Exp $ */
 /*
  * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
  *
@@ -558,9 +558,6 @@ x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert,
 			(void) ctx->xsc->verify_cb(1, ctx->xsc);
 		}
 	} else if (ctx->error_depth == depth && !ctx->dump_chain) {
-		if (depth == 0 &&
-		    ctx->error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
-			ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
 		if (!x509_verify_ctx_set_xsc_chain(ctx, current_chain, 0, 0))
 			return;
 		(void) x509_verify_cert_error(ctx, cert, depth,
-- 
cgit v1.2.3-55-g6feb