Introduce X509_add_cert[s] simplifying various additions to cert lists

Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12615)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-04-26 18:30:45 +0200
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-08-12 13:54:37 +0200
commit: eeccc237239d6f2b6fbc557be7062bfe2ab836be (patch)
tree: 888f18ed5067404a0703b62f94a263317109f5be /crypto/ocsp/ocsp_vfy.c
parent: e3efe7a53299dff3cd2222542b6a999b1360d626 (diff)
1 files changed, 3 insertions, 6 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 0dccb24eb5..33cd236af7 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -67,16 +67,13 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
     }
     if (!(flags & OCSP_NOVERIFY)) {
         int init_res;
+
         if (flags & OCSP_NOCHAIN) {
             untrusted = NULL;
         } else if (bs->certs && certs) {
             untrusted = sk_X509_dup(bs->certs);
-            for (i = 0; i < sk_X509_num(certs); i++) {
-                if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
-                    OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
-                    goto f_err;
-                }
-            }
+            if (!X509_add_certs(untrusted, certs, X509_ADD_FLAG_DEFAULT))
+                goto f_err;
         } else if (certs != NULL) {
             untrusted = certs;
         } else {
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-04-26 18:30:45 +0200
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-08-12 13:54:37 +0200
commit	eeccc237239d6f2b6fbc557be7062bfe2ab836be (patch)
tree	888f18ed5067404a0703b62f94a263317109f5be /crypto/ocsp/ocsp_vfy.c
parent	e3efe7a53299dff3cd2222542b6a999b1360d626 (diff)