diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2022-02-04 16:34:16 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-02-04 16:34:16 +0000 |
| commit | 7ed3fe90d5f6e4ffd13fe6a756438284fb7f59f7 (patch) | |
| tree | bedb85304e78af988aa97eca050366ef6e1e2fe2 /lib/libcrypto/x509/x509_addr.c | |
| parent | 8da7d92701c8f48cc0f62b992494fe1fec6ba19d (diff) | |
Remove a strange inheritance check from addr_validate_path_internal()
The trust anchor can't inherit, but the code says that it can inherit
just not if the leaf tries to inherit from that. This makes no sense
and doesn't match what is done on the asid side.
ok jsing
Diffstat (limited to 'lib/libcrypto/x509/x509_addr.c')
| -rw-r--r-- | lib/libcrypto/x509/x509_addr.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/lib/libcrypto/x509/x509_addr.c b/lib/libcrypto/x509/x509_addr.c index cc77f92509d..209c5cf3978 100644 --- a/lib/libcrypto/x509/x509_addr.c +++ b/lib/libcrypto/x509/x509_addr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_addr.c,v 1.76 2022/01/06 14:08:15 tb Exp $ */ +/* $OpenBSD: x509_addr.c,v 1.77 2022/02/04 16:34:15 tb Exp $ */ /* * Contributed to the OpenSSL Project by the American Registry for * Internet Numbers ("ARIN"). @@ -1899,9 +1899,6 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, if (IPAddressFamily_inheritance(parent_af) == NULL) continue; - if (sk_IPAddressFamily_find(child, parent_af) < 0) - continue; - if ((ret = verify_error(ctx, cert, X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) goto done; |