In some experimental code I'm passing store == NULL
into X509_STORE_CTX_init; however, I find that my verify_cb is called for
every issuer/subject mismatch, as if I had set X509_V_FLAG_CB_ISSUER_CHECK
(which I haven't).
Digging into it, it appears that the X509_VERIFY_PARAM 'flags' field (in
ctx->param->flags) is being erroneously initialized with a value of 17,
because it is being initialized with enumeration constants
intended for the inh_flags field.
The values X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE == 17, which are
then interpreted as X509_V_FLAG_CB_ISSUER_CHECK|X509_V_FLAG_IGNORE_CRITICAL,
hence the spurious CB_ISSUER_CHECK callbacks I see.
Suggested fix:
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2034,7 +2034,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx,
X509_STORE *store, X509 *x509,
if (store)
ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
else
- ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
+ ctx->param->inh_flags |=
X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
if (store)
{
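Review bot: the replacement line in this hunk is broken across two lines, "+ ctx->param->inh_flags |=" followed by a bare "X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;" with no leading "+", so the patch will not apply as posted; either keep the assignment on one "+" line or prefix the continuation line with "+" as well. The change itself is correct: X509_VP_FLAG_DEFAULT and X509_VP_FLAG_ONCE are inh_flags values, and writing them into flags aliases X509_V_FLAG_CB_ISSUER_CHECK and X509_V_FLAG_IGNORE_CRITICAL. It would be worth stating that symptom (spurious CB_ISSUER_CHECK callbacks with a NULL store) in the commit message so the one-word field rename is not mistaken for a cosmetic edit.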