Commit 937a7669 authored by Matt Caswell's avatar Matt Caswell
Browse files

Revert "Fix verify algorithm." 



This reverts commit 47daa155.

The above commit was backported to the 1.0.2 branch as part of backporting
the alternative chain verify algorithm changes. However it has been pointed
out (credit to Shigeki Ohtsu) that this is unnecessary in 1.0.2 as this
commit is a work around for loop checking that only exists in master.

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
parent 07977739

crypto/x509/x509_vfy.c

+0 −8
Original line number Diff line number Diff line
@@ -370,16 +370,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) 
            && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)

            && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {

            while (j-- > 1) {

                STACK_OF(X509) *chtmp = ctx->chain;

                xtmp2 = sk_X509_value(ctx->chain, j - 1);

                /*

                 * Temporarily set chain to NULL so we don't discount

                 * duplicates: the same certificate could be an untrusted

                 * CA found in the trusted store.

                 */

                ctx->chain = NULL;

                ok = ctx->get_issuer(&xtmp, ctx, xtmp2);

                ctx->chain = chtmp;

                if (ok < 0)

                    goto end;

                /* Check if we found an alternate chain */