[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

Matt Caswell matt at openssl.org
Wed Apr 29 14:47:33 UTC 2015


The branch OpenSSL_1_0_2-stable has been updated
       via  937a766982229fd4aa3d9ceb544517f81a193206 (commit)
      from  07977739f0eaa1dd6845518b590932ba5cbf75d1 (commit)


- Log -----------------------------------------------------------------
commit 937a766982229fd4aa3d9ceb544517f81a193206
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Apr 21 11:28:41 2015 +0100

    Revert "Fix verify algorithm."
    
    This reverts commit 47daa155a31b0a54ce09ad2ed4d55fad74096dab.
    
    The above commit was backported to the 1.0.2 branch as part of backporting
    the alternative chain verify algorithm changes. However, it has been pointed
    out (credit to Shigeki Ohtsu) that this is unnecessary in 1.0.2 as this
    commit is a workaround for loop checking that only exists in master.
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_vfy.c | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index c0f6a5d..f3e9c56 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -370,16 +370,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
             && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
             && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
             while (j-- > 1) {
-                STACK_OF(X509) *chtmp = ctx->chain;
                 xtmp2 = sk_X509_value(ctx->chain, j - 1);
-                /*
-                 * Temporarily set chain to NULL so we don't discount
-                 * duplicates: the same certificate could be an untrusted
-                 * CA found in the trusted store.
-                 */
-                ctx->chain = NULL;
                 ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
-                ctx->chain = chtmp;
                 if (ok < 0)
                     goto end;
                 /* Check if we found an alternate chain */
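
Review bot: at the `ok = ctx->get_issuer(&xtmp, ctx, xtmp2);` call inside the `while (j-- > 1)` loop, the deleted comment was the only in-code record that this lookup must not discount a certificate already present in `ctx->chain` (the "untrusted CA found in the trusted store" case). The commit message says this holds in 1.0.2 because the loop check exists only in master, but after this change nothing in the source says so. Consider leaving a one-line comment at the call noting that the issuer lookup in this branch does not consult `ctx->chain`, so the save/NULL/restore of `ctx->chain` has to come back if the loop check is ever backported. A regression test that builds an alternate chain where the same CA appears both in the untrusted chain and in the trusted store would make that dependency visible instead of implicit.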

