From 1d45dfeb373f7994856604f468f3106e8b772122 Mon Sep 17 00:00:00 2001
From: job <>
Date: Sun, 23 Apr 2023 21:46:07 +0000
Subject: In the case of V1 certs, the extension count should be exactly 0

OK tb@
---
 src/lib/libcrypto/x509/x509_purp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c
index e0069313b9..610a6d8796 100644
--- a/src/lib/libcrypto/x509/x509_purp.c
+++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.23 2023/04/23 21:39:19 job Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.24 2023/04/23 21:46:07 job Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -459,7 +459,7 @@ x509v3_cache_extensions_internal(X509 *x)
 	/* V1 should mean no extensions ... */
 	if (X509_get_version(x) == 0) {
 		x->ex_flags |= EXFLAG_V1;
-		if (X509_get_ext_count(x) > 0)
+		if (X509v3_get_ext_count(x) != 0)
 			x->ex_flags |= EXFLAG_INVALID;
 	}
 
-- 
cgit v1.2.3-55-g6feb