mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Restore last-resort expired untrusted intermediate issuers

Browse Source 
Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Viktor Dukhovni 2016-11-25 00:38:04 -05:00
parent ef2bf0f57c
commit c53f7355b9
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
crypto/x509/x509_vfy.c
View File

@ -308,16 +308,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
{
int i;
X509 *issuer, *rv = NULL;
for (i = 0; i < sk_X509_num(sk); i++) {
X509 *issuer = sk_X509_value(sk, i);
if (!ctx->check_issued(ctx, x, issuer))
continue;
if (x509_check_cert_time(ctx, issuer, -1))
return issuer;
issuer = sk_X509_value(sk, i);
if (ctx->check_issued(ctx, x, issuer)) {
rv = issuer;
if (x509_check_cert_time(ctx, rv, -1))
break;
}
}
return NULL;
return rv;
}
/* Given a possible certificate and issuer check them */