From f61b97d9dd62e878e271aa54b64879e8942a182f Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 26 Oct 2020 11:56:36 +0000
Subject: Make sure that x509_vfy_check_id() failure also sets ctx->error, not
 only ctx->xsc->error. Will be needed in an upcoming diff.

from beck
---
 src/lib/libcrypto/x509/x509_verify.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/x509/x509_verify.c b/src/lib/libcrypto/x509/x509_verify.c
index 0c32cd04b7..fdde098df7 100644
--- a/src/lib/libcrypto/x509/x509_verify.c
+++ b/src/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.13 2020/09/26 15:44:06 jsing Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.14 2020/10/26 11:56:36 tb Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -458,8 +458,13 @@ x509_verify_cert_hostname(struct x509_verify_ctx *ctx, X509 *cert, char *name)
 	size_t len;
 
 	if (name == NULL) {
-		if (ctx->xsc != NULL)
-			return x509_vfy_check_id(ctx->xsc);
+		if (ctx->xsc != NULL) {
+			int ret;
+
+			if ((ret = x509_vfy_check_id(ctx->xsc)) == 0)
+				ctx->error = ctx->xsc->error;
+			return ret;
+		}
 		return 1;
 	}
 	if ((candidate = strdup(name)) == NULL) {
-- 
cgit v1.2.3-55-g6feb