Commit 592a207b authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Policy validation fixes. 

Inhibit any policy count should ignore self issued certificates.
Require explicit policy is the number certificate before an explict policy
is required.
parent 6bcbac0a

crypto/x509v3/pcy_tree.c

+3 −2
Original line number Diff line number Diff line
@@ -134,7 +134,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, 
			if (!(x->ex_flags & EXFLAG_SI)

				&& (cache->explicit_skip != -1)

				&& (cache->explicit_skip < explicit_policy))

				explicit_policy = cache->explicit_skip;

				explicit_policy = cache->explicit_skip + 1;

			}

		}
@@ -202,6 +202,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, 
			}

		else

			{

			if (!(x->ex_flags & EXFLAG_SI))

				any_skip--;

			if ((cache->any_skip >= 0)

				&& (cache->any_skip < any_skip))