Commit 102302b0 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Fix for partial chain notification. 

For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
(cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)
parent 7af31968

crypto/x509/x509_vfy.c

+5 −1
Original line number Diff line number Diff line
@@ -1753,7 +1753,10 @@ static int internal_verify(X509_STORE_CTX *ctx) 
	else

		{

		if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)

			return check_cert_time(ctx, xi);

			{

			xs = xi;

			goto check_cert;

			}

		if (n <= 0)

			{

			ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
@@ -1804,6 +1807,7 @@ static int internal_verify(X509_STORE_CTX *ctx) 


		xs->valid = 1;



		check_cert:

		ok = check_cert_time(ctx, xs);

		if (!ok)

			goto end;