From 6ba36f769980f2d0ef8a398b5bf7d1f8430b962d Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 16 Nov 2020 17:42:35 +0000
Subject: Add back an X509_STORE_CTX error code assignment.

This was inadvertently removed in r1.19.

Spotted by tb@

ok beck@ tb@
---
 src/lib/libcrypto/x509/x509_verify.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index 5f048bee4f..39f86d383e 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.20 2020/11/15 17:54:49 beck Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.21 2020/11/16 17:42:35 jsing Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -1014,8 +1014,9 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name)
 		ctx->error = X509_V_OK;
 
 	if (ctx->xsc != NULL) {
-		/* Take the first chain we found. */
+		ctx->xsc->error = ctx->error;
 		if (ctx->chains_count > 0) {
+			/* Take the first chain we found. */
 			if (!x509_verify_ctx_set_xsc_chain(ctx, ctx->chains[0], 1))
 				goto err;
 		}
-- 
cgit v1.2.3-55-g6feb