aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/ocsp/ocsp_vfy.c
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2015-06-15 20:18:50 +0200
committerMike DePaulo <mikedep333@gmail.com>2015-06-22 01:39:02 -0400
commit76d3cb65aed1b2e454d129eb1e187e896f5e3a2a (patch)
treebca8e882abc81afce4770da47751e08f1bbeecec /openssl/crypto/ocsp/ocsp_vfy.c
parentdf30d2b2322d7940e83be76b63ce6f5a5a77f5b3 (diff)
downloadvcxsrv-76d3cb65aed1b2e454d129eb1e187e896f5e3a2a.tar.gz
vcxsrv-76d3cb65aed1b2e454d129eb1e187e896f5e3a2a.tar.bz2
vcxsrv-76d3cb65aed1b2e454d129eb1e187e896f5e3a2a.zip
Update to openssl-1.0.2c
Conflicts: openssl/Makefile
Diffstat (limited to 'openssl/crypto/ocsp/ocsp_vfy.c')
-rw-r--r--openssl/crypto/ocsp/ocsp_vfy.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/openssl/crypto/ocsp/ocsp_vfy.c b/openssl/crypto/ocsp/ocsp_vfy.c
index 6c0ccb565..d4a257c33 100644
--- a/openssl/crypto/ocsp/ocsp_vfy.c
+++ b/openssl/crypto/ocsp/ocsp_vfy.c
@@ -83,6 +83,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
{
X509 *signer, *x;
STACK_OF(X509) *chain = NULL;
+ STACK_OF(X509) *untrusted = NULL;
X509_STORE_CTX ctx;
int i, ret = 0;
ret = ocsp_find_signer(&signer, bs, certs, st, flags);
@@ -107,10 +108,20 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
}
if (!(flags & OCSP_NOVERIFY)) {
int init_res;
- if (flags & OCSP_NOCHAIN)
- init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
- else
- init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ if (flags & OCSP_NOCHAIN) {
+ untrusted = NULL;
+ } else if (bs->certs && certs) {
+ untrusted = sk_X509_dup(bs->certs);
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ }
+ } else {
+ untrusted = bs->certs;
+ }
+ init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
if (!init_res) {
ret = -1;
OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
@@ -161,6 +172,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
end:
if (chain)
sk_X509_pop_free(chain, X509_free);
+ if (bs->certs && certs)
+ sk_X509_free(untrusted);
return ret;
}