summaryrefslogtreecommitdiff
path: root/lib/libcrypto/x509/x509_verify.c
diff options
context:
space:
mode:
authorBob Beck <beck@cvs.openbsd.org>2021-07-12 15:12:39 +0000
committerBob Beck <beck@cvs.openbsd.org>2021-07-12 15:12:39 +0000
commit07936156a5d797d2ea0ac0cce95d3463d834b343 (patch)
treef43b2526a301567e88a700fa9226c0077f9e13ac /lib/libcrypto/x509/x509_verify.c
parent73e82762d46ada77045a4c76185bdd75e2e712c3 (diff)
Use the x509_verify_cert_cache_extensions fuction instead of manually
calling the OpenSSL legacy cache extensions goo. Requested by tb@ ok tb@
Diffstat (limited to 'lib/libcrypto/x509/x509_verify.c')
-rw-r--r--lib/libcrypto/x509/x509_verify.c13
1 files changed, 4 insertions, 9 deletions
diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c
index 21b391c76c4..18d395d2737 100644
--- a/lib/libcrypto/x509/x509_verify.c
+++ b/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.38 2021/07/10 15:52:59 beck Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.39 2021/07/12 15:12:38 beck Exp $ */
/*
* Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
*
@@ -829,14 +829,9 @@ x509_verify_validate_constraints(X509 *cert,
static int
x509_verify_cert_extensions(struct x509_verify_ctx *ctx, X509 *cert, int need_ca)
{
- if (!(cert->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
- x509v3_cache_extensions(cert);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- if (cert->ex_flags & EXFLAG_INVALID) {
- ctx->error = X509_V_ERR_UNSPECIFIED;
- return 0;
- }
+ if (!x509_verify_cert_cache_extensions(cert)) {
+ ctx->error = X509_V_ERR_UNSPECIFIED;
+ return 0;
}
if (ctx->xsc != NULL)
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-25 11:15:50 +0000