The branch OpenSSL_1_1_0-stable has been updated
       via  72ea4b8de29bd29dcc44b3d3a73660fe4d1bba40 (commit)
      from  9fa506681c842bf9b27ddf4ea8579c4695be3bfa (commit)


- Log -----------------------------------------------------------------
commit 72ea4b8de29bd29dcc44b3d3a73660fe4d1bba40
Author: Viktor Dukhovni <[email protected]>
Date:   Fri Nov 25 00:38:04 2016 -0500

    Restore last-resort expired untrusted intermediate issuers
    
    Reviewed-by: Matt Caswell <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509/x509_vfy.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 9fbef11..ebc4424 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -308,16 +308,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
 {
     int i;
+    X509 *issuer, *rv = NULL;
 
     for (i = 0; i < sk_X509_num(sk); i++) {
-        X509 *issuer = sk_X509_value(sk, i);
-
-        if (!ctx->check_issued(ctx, x, issuer))
-            continue;
-        if (x509_check_cert_time(ctx, issuer, -1))
-            return issuer;
+        issuer = sk_X509_value(sk, i);
+        if (ctx->check_issued(ctx, x, issuer)) {
+            rv = issuer;
+            if (x509_check_cert_time(ctx, rv, -1))
+                break;
+        }
     }
-    return NULL;
+    return rv;
 }
 
 /* Given a possible certificate and issuer check them */
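Review bot: find_issuer() can now return an issuer that fails x509_check_cert_time(), and nothing at the definition says so, so a non-NULL result no longer implies the candidate is within its validity period. I would add a comment above the function such as `/* Return the first time-valid issuer of x in sk; failing that, the last matching issuer even if expired. The result is NOT time-checked. */`. Rejection of an expired intermediate then presumably rests on the per-certificate time checks later in verification, which are outside this hunk, so it is worth confirming a test covers a chain whose only untrusted issuer is expired. The fallback is also whichever match comes last in `sk`, because `rv` is overwritten on every match, so the choice among several expired candidates depends on stack order and the comment should say that too.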