summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2021-01-05 16:53:11 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2021-01-05 16:53:11 +0000
commitab814d8ede276fee4723412f5cec1fdd6bfef1a7 (patch)
treeb8967cf604a1f7a11ebe76e41a3bd99e148bd24b
parent080f2656a21a56e6f81d063b3a4b0c83f0dbc2dd (diff)
Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in new verifier.
Yet another mostly meaningless error value... Noted by and ok tb@
Diffstat
-rw-r--r--lib/libcrypto/x509/x509_verify.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c
index a5b41afb859..0297fac1451 100644
--- a/lib/libcrypto/x509/x509_verify.c
+++ b/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.26 2021/01/05 16:45:59 jsing Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.27 2021/01/05 16:53:10 jsing Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
@@ -540,6 +540,9 @@ x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert,
(void) ctx->xsc->verify_cb(1, ctx->xsc);
}
} else if (ctx->error_depth == depth && !ctx->dump_chain) {
+ if (depth == 0 &&
+ ctx->error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
+ ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
(void) x509_verify_cert_error(ctx, cert, depth,
ctx->error, 0);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-25 04:40:25 +0000