summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2021-02-25 16:59:00 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2021-02-25 16:59:00 +0000
commit85b166a61f5d65e039d05081daf0b2332a609d60 (patch)
tree64a86f6c86a5a6e9d65e0d09e25019b28614ec75 /lib
parentfa36d1ab0dfc33cd5f371840269d0a629831e7e5 (diff)
Rename depth to num_untrusted so it identifies what it actually represents.
ok tb@
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/x509/x509_verify.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c
index 62cbb7cef80..02db436b1ad 100644
--- a/lib/libcrypto/x509/x509_verify.c
+++ b/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.32 2021/02/25 16:57:10 jsing Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.33 2021/02/25 16:58:59 jsing Exp $ */
/*
* Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
*
@@ -197,22 +197,22 @@ static int
x509_verify_ctx_set_xsc_chain(struct x509_verify_ctx *ctx,
struct x509_verify_chain *chain, int set_error, int is_trusted)
{
- size_t depth;
+ size_t num_untrusted;
int i;
if (ctx->xsc == NULL)
return 1;
- depth = sk_X509_num(chain->certs);
- if (is_trusted && depth > 0)
- depth--;
/*
* XXX last_untrusted is actually the number of untrusted certs at the
* bottom of the chain. This works now since we stop at the first
* trusted cert. This will need fixing once we allow more than one
* trusted certificate.
*/
- ctx->xsc->last_untrusted = depth;
+ num_untrusted = sk_X509_num(chain->certs);
+ if (is_trusted && num_untrusted > 0)
+ num_untrusted--;
+ ctx->xsc->last_untrusted = num_untrusted;
sk_X509_pop_free(ctx->xsc->chain, X509_free);
ctx->xsc->chain = X509_chain_up_ref(chain->certs);