Skip to content
Commit 47daa155 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson Committed by Matt Caswell
Browse files

Fix verify algorithm.



Disable loop checking when we retry verification with an alternative path.
This fixes the case where an intermediate CA is explicitly trusted and part
of the untrusted certificate list. By disabling loop checking for this case
the untrusted CA can be replaced by the explicitly trusted case and
verification will succeed.

Signed-off-by: default avatarMatt Caswell <matt@openssl.org>
(cherry picked from commit e5991ec5

)

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent be856c03
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment