diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2021-11-06 12:27:06 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2021-11-06 12:27:06 +0000 |
commit | 424add47b831f940ee8a7e1ce4a18d0c1be0f307 (patch) | |
tree | cd44bf254bef9bc02482f7a6bcd2288d0ef57d7c | |
parent | 108a74891f037f7aebcbae1353c0a6da55484c82 (diff) |
In X509_STORE_get1_issuer() do not call the verify callback from
x509_check_cert_time(). Matches a change made in OpenSSL 70dd3c65.
ok jsing
-rw-r--r-- | lib/libcrypto/x509/x509_lu.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/libcrypto/x509/x509_lu.c b/lib/libcrypto/x509/x509_lu.c index 1a8c079fde3..c47e8f9dd1a 100644 --- a/lib/libcrypto/x509/x509_lu.c +++ b/lib/libcrypto/x509/x509_lu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_lu.c,v 1.49 2021/11/06 07:18:18 tb Exp $ */ +/* $OpenBSD: x509_lu.c,v 1.50 2021/11/06 12:27:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -697,7 +697,7 @@ X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) return 0; /* If certificate matches all OK */ if (ctx->check_issued(ctx, x, obj.data.x509)) { - if (x509_check_cert_time(ctx, obj.data.x509, 1)) { + if (x509_check_cert_time(ctx, obj.data.x509, -1)) { *issuer = obj.data.x509; return 1; } @@ -730,7 +730,7 @@ X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) * match in issuer so we return nearest * match if no certificate time is OK. */ - if (x509_check_cert_time(ctx, *issuer, 1)) + if (x509_check_cert_time(ctx, *issuer, -1)) break; } } |