summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2021-11-06 12:27:06 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2021-11-06 12:27:06 +0000
commit424add47b831f940ee8a7e1ce4a18d0c1be0f307 (patch)
treecd44bf254bef9bc02482f7a6bcd2288d0ef57d7c
parent108a74891f037f7aebcbae1353c0a6da55484c82 (diff)
In X509_STORE_get1_issuer() do not call the verify callback from
x509_check_cert_time(). Matches a change made in OpenSSL 70dd3c65. ok jsing
-rw-r--r--lib/libcrypto/x509/x509_lu.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/libcrypto/x509/x509_lu.c b/lib/libcrypto/x509/x509_lu.c
index 1a8c079fde3..c47e8f9dd1a 100644
--- a/lib/libcrypto/x509/x509_lu.c
+++ b/lib/libcrypto/x509/x509_lu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.49 2021/11/06 07:18:18 tb Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.50 2021/11/06 12:27:05 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -697,7 +697,7 @@ X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
return 0;
/* If certificate matches all OK */
if (ctx->check_issued(ctx, x, obj.data.x509)) {
- if (x509_check_cert_time(ctx, obj.data.x509, 1)) {
+ if (x509_check_cert_time(ctx, obj.data.x509, -1)) {
*issuer = obj.data.x509;
return 1;
}
@@ -730,7 +730,7 @@ X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
* match in issuer so we return nearest
* match if no certificate time is OK.
*/
- if (x509_check_cert_time(ctx, *issuer, 1))
+ if (x509_check_cert_time(ctx, *issuer, -1))
break;
}
}