summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2021-02-26 15:19:42 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2021-02-26 15:19:42 +0000
commitcdcc4ae80c374e157b12e9fa2bd8311b1bf8d8b8 (patch)
tree8ebf43b022697621952e58ba93a72c81b1b16113
parenta9a8c389b6f9981492e61644e788e34537a54f54 (diff)
Set is_trusted in x509_verify_ctx_add_chain()
If we're about to add a chain we have a trust path, so we have at least one trusted certificate. This fixes a thinko from r1.31 and fixes the openssl(1) cms verify test. ok jsing (who had the same diff)
-rw-r--r--lib/libcrypto/x509/x509_verify.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c
index 02db436b1ad..f51ea1d8689 100644
--- a/lib/libcrypto/x509/x509_verify.c
+++ b/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.33 2021/02/25 16:58:59 jsing Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.34 2021/02/26 15:19:41 tb Exp $ */
/*
* Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
*
@@ -269,7 +269,7 @@ x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx,
ctx->xsc->error = X509_V_OK;
ctx->xsc->error_depth = 0;
- if (!x509_verify_ctx_set_xsc_chain(ctx, chain, 0, 0))
+ if (!x509_verify_ctx_set_xsc_chain(ctx, chain, 0, 1))
return 0;
/*