Commit 53a8f8c2 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Fix for partial chain notification. 

For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
parent bf4863b3

crypto/x509/x509_vfy.c

+5 −1
Original line number Diff line number Diff line
@@ -1725,7 +1725,10 @@ static int internal_verify(X509_STORE_CTX *ctx) 
	else

		{

		if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)

			return check_cert_time(ctx, xi);

			{

			xs = xi;

			goto check_cert;

			}

		if (n <= 0)

			{

			ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
@@ -1776,6 +1779,7 @@ static int internal_verify(X509_STORE_CTX *ctx) 


		xs->valid = 1;



		check_cert:

		ok = check_cert_time(ctx, xs);

		if (!ok)

			goto end;