From 45b8140d971deab0e2970c393ed60019bd1b94ba Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 21 Apr 2022 04:24:51 +0000
Subject: Fix X509_get_extension_flags()

Ensure that EXFLAG_INVALID is set on X509_get_purpose() failure.

ok inoguchi jsing
---
 src/lib/libcrypto/x509/x509_purp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c
index a05c0388ac..4d833f73ba 100644
--- a/src/lib/libcrypto/x509/x509_purp.c
+++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.13 2021/11/04 23:52:34 beck Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.14 2022/04/21 04:24:51 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -952,7 +952,7 @@ X509_get_extension_flags(X509 *x)
 {
 	/* Call for side-effect of computing hash and caching extensions */
 	if (X509_check_purpose(x, -1, -1) != 1)
-		return 0;
+		return EXFLAG_INVALID;
 
 	return x->ex_flags;
 }
-- 
cgit v1.2.3-55-g6feb