diff options
| author | marha <marha@users.sourceforge.net> | 2015-06-15 20:18:50 +0200 |
|---|---|---|
| committer | Mike DePaulo <mikedep333@gmail.com> | 2015-06-22 01:16:46 -0400 |
| commit | 36da4a2e0e43928a29ac2ee5c55bf681e90e2f42 (patch) | |
| tree | 92633e1022d705c72d0f97315891e719648dd17e /openssl/crypto/ocsp/ocsp_vfy.c | |
| parent | bec4be4c48239613ed1c704ae71bf08754eef711 (diff) | |
| download | vcxsrv-36da4a2e0e43928a29ac2ee5c55bf681e90e2f42.tar.gz vcxsrv-36da4a2e0e43928a29ac2ee5c55bf681e90e2f42.tar.bz2 vcxsrv-36da4a2e0e43928a29ac2ee5c55bf681e90e2f42.zip | |
Update to openssl-1.0.2crelease/external-1.17.0.0-x
Diffstat (limited to 'openssl/crypto/ocsp/ocsp_vfy.c')
| -rw-r--r-- | openssl/crypto/ocsp/ocsp_vfy.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/openssl/crypto/ocsp/ocsp_vfy.c b/openssl/crypto/ocsp/ocsp_vfy.c index 6c0ccb565..d4a257c33 100644 --- a/openssl/crypto/ocsp/ocsp_vfy.c +++ b/openssl/crypto/ocsp/ocsp_vfy.c @@ -83,6 +83,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, { X509 *signer, *x; STACK_OF(X509) *chain = NULL; + STACK_OF(X509) *untrusted = NULL; X509_STORE_CTX ctx; int i, ret = 0; ret = ocsp_find_signer(&signer, bs, certs, st, flags); @@ -107,10 +108,20 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, } if (!(flags & OCSP_NOVERIFY)) { int init_res; - if (flags & OCSP_NOCHAIN) - init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); - else - init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); + if (flags & OCSP_NOCHAIN) { + untrusted = NULL; + } else if (bs->certs && certs) { + untrusted = sk_X509_dup(bs->certs); + for (i = 0; i < sk_X509_num(certs); i++) { + if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE); + goto end; + } + } + } else { + untrusted = bs->certs; + } + init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); if (!init_res) { ret = -1; OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); @@ -161,6 +172,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, end: if (chain) sk_X509_pop_free(chain, X509_free); + if (bs->certs && certs) + sk_X509_free(untrusted); return ret; } |