diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2021-02-26 15:19:42 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2021-02-26 15:19:42 +0000 |
commit | cdcc4ae80c374e157b12e9fa2bd8311b1bf8d8b8 (patch) | |
tree | 8ebf43b022697621952e58ba93a72c81b1b16113 | |
parent | a9a8c389b6f9981492e61644e788e34537a54f54 (diff) |
Set is_trusted in x509_verify_ctx_add_chain()
If we're about to add a chain we have a trust path, so we have at least
one trusted certificate. This fixes a thinko from r1.31 and fixes the
openssl(1) cms verify test.
ok jsing (who had the same diff)
-rw-r--r-- | lib/libcrypto/x509/x509_verify.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c index 02db436b1ad..f51ea1d8689 100644 --- a/lib/libcrypto/x509/x509_verify.c +++ b/lib/libcrypto/x509/x509_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.c,v 1.33 2021/02/25 16:58:59 jsing Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.34 2021/02/26 15:19:41 tb Exp $ */ /* * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> * @@ -269,7 +269,7 @@ x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx, ctx->xsc->error = X509_V_OK; ctx->xsc->error_depth = 0; - if (!x509_verify_ctx_set_xsc_chain(ctx, chain, 0, 0)) + if (!x509_verify_ctx_set_xsc_chain(ctx, chain, 0, 1)) return 0; /* |