From 7df3dd01de26ca0cd2d9564f78d3beea427d540a Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 26 Oct 2020 12:01:01 +0000
Subject: Add a safety net to ensure that we set an error on the store context.

Suggested by and discussed with beck
---
 src/lib/libcrypto/x509/x509_verify.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index 74316cb941..124d4ba34e 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.15 2020/10/26 11:59:16 tb Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.16 2020/10/26 12:01:01 tb Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -932,6 +932,8 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name)
 	return (ctx->chains_count);
 
  err:
+	if (ctx->error == X509_V_OK)
+		ctx->error = X509_V_ERR_UNSPECIFIED;
 	if (ctx->xsc != NULL)
 		ctx->xsc->error = ctx->error;
 	return 0;
-- 
cgit v1.2.3-55-g6feb