diff options
Diffstat (limited to 'openssl/ssl/ssl_cert.c')
-rw-r--r-- | openssl/ssl/ssl_cert.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/openssl/ssl/ssl_cert.c b/openssl/ssl/ssl_cert.c index a32b2d444..27256eea8 100644 --- a/openssl/ssl/ssl_cert.c +++ b/openssl/ssl/ssl_cert.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -197,8 +197,10 @@ CERT *ssl_cert_dup(CERT *cert) * if you find that more readable */ ret->valid = cert->valid; - ret->mask = cert->mask; - ret->export_mask = cert->export_mask; + ret->mask_k = cert->mask_k; + ret->mask_a = cert->mask_a; + ret->export_mask_k = cert->export_mask_k; + ret->export_mask_a = cert->export_mask_a; #ifndef OPENSSL_NO_RSA if (cert->rsa_tmp != NULL) @@ -500,9 +502,6 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); return(0); } - if (s->param) - X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx), - s->param); #if 0 if (SSL_get_verify_depth(s) >= 0) X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); @@ -516,6 +515,10 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) X509_STORE_CTX_set_default(&ctx, s->server ? "ssl_client" : "ssl_server"); + /* Anything non-default in "param" should overwrite anything in the + * ctx. + */ + X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param); if (s->verify_callback) X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); @@ -752,6 +755,8 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, sk_X509_NAME_push(stack,xn); } + ERR_clear_error(); + if (0) { err: |