[openssl-commits] [openssl] master update
Viktor Dukhovni
viktor at openssl.org
Thu Jan 14 20:12:32 UTC 2016
The branch master has been updated
via 497ecc0d7d1221ae339aad62d2728c66f6ec816a (commit)
from 56afc18714664e8fb395a2e143e48be3ab146d43 (commit)
- Log -----------------------------------------------------------------
commit 497ecc0d7d1221ae339aad62d2728c66f6ec816a
Author: Viktor Dukhovni <openssl-users at dukhovni.org>
Date: Thu Jan 14 15:03:15 2016 -0500
Cosmetic polish for last-resort depth 0 check
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/x509/x509_vfy.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 24ca9e3..972760c 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -618,7 +618,7 @@ static int check_trust(X509_STORE_CTX *ctx, int num_untrusted)
return X509_TRUST_UNTRUSTED;
}
- if (num_untrusted > num && ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
+ if (num_untrusted == num && ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
/*
* Last-resort call with no new trusted certificates, check the leaf
* for a direct trust store match.
@@ -2894,12 +2894,12 @@ static int build_chain(X509_STORE_CTX *ctx)
* Last chance to make a trusted chain, either bare DANE-TA public-key
* signers, or else direct leaf PKIX trust.
*/
- if (sk_X509_num(ctx->chain) <= depth) {
+ num = sk_X509_num(ctx->chain);
+ if (num <= depth) {
if (trust == X509_TRUST_UNTRUSTED && DANETLS_HAS_DANE_TA(dane))
trust = check_dane_pkeys(ctx);
- if (trust == X509_TRUST_UNTRUSTED &&
- sk_X509_num(ctx->chain) == ctx->num_untrusted)
- trust = check_trust(ctx, ctx->num_untrusted+1);
+ if (trust == X509_TRUST_UNTRUSTED && num == ctx->num_untrusted)
+ trust = check_trust(ctx, num);
}
switch (trust) {
More information about the openssl-commits
mailing list