Fix SuiteB chain checking logic. (7255ca99) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

ssl/t1_lib.c

+4 −7

Original line number	Diff line number	Diff line
		@@ -4294,14 +4294,11 @@ int tls1_check_chain(SSL s, X509 x, EVP_PKEY pk, STACK_OF(X509) chain,
		if (check_flags)
		check_flags \|= CERT_PKEY_SUITEB;
		ok = X509_chain_check_suiteb(NULL, x, chain, suiteb_flags);
		if (ok != X509_V_OK)
		{
		if (check_flags)
		if (ok == X509_V_OK)
		rv \|= CERT_PKEY_SUITEB;
		else
		else if (!check_flags)
		goto end;
		}
		}

		/* Check all signature algorithms are consistent with
		* signature algorithms extension if TLS 1.2 or later