From ab814d8ede276fee4723412f5cec1fdd6bfef1a7 Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Tue, 5 Jan 2021 16:53:11 +0000 Subject: Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in new verifier. Yet another mostly meaningless error value... Noted by and ok tb@ --- lib/libcrypto/x509/x509_verify.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c index a5b41afb859..0297fac1451 100644 --- a/lib/libcrypto/x509/x509_verify.c +++ b/lib/libcrypto/x509/x509_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.c,v 1.26 2021/01/05 16:45:59 jsing Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.27 2021/01/05 16:53:10 jsing Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -540,6 +540,9 @@ x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, (void) ctx->xsc->verify_cb(1, ctx->xsc); } } else if (ctx->error_depth == depth && !ctx->dump_chain) { + if (depth == 0 && + ctx->error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) + ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; (void) x509_verify_cert_error(ctx, cert, depth, ctx->error, 0); } -- cgit v1.2.3