The branch OpenSSL_1_0_2-stable has been updated
via f36fedcc764bdcadef30fe214f51b18a17f3f08c (commit)
from 3281f1eb65008c3c6176418f6c6f83b29d1e8482 (commit)
- Log -----------------------------------------------------------------
commit f36fedcc764bdcadef30fe214f51b18a17f3f08c
Author: David von Oheimb <[email protected]>
Date: Thu Aug 17 21:45:06 2017 +0200
Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL
(backport)
Reviewed-by: Rich Salz <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/4183)
-----------------------------------------------------------------------
Summary of changes:
crypto/ocsp/ocsp_vfy.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index d4a257c..7a7d060 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -118,6 +118,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509)
*certs,
goto end;
}
}
+ } else if (certs != NULL) {
+ untrusted = certs;
} else {
untrusted = bs->certs;
}
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
