Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL (backport)

Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4183)
author: David von Oheimb <David.von.Oheimb@siemens.com> 2017-08-17 21:45:06 +0200
committer: Matt Caswell <matt@openssl.org> 2017-08-18 10:01:05 +0100
commit: f36fedcc764bdcadef30fe214f51b18a17f3f08c (patch)
tree: cb47db360accb07b5d98eb0d192ce329ebeb7ec3 /crypto/ocsp
parent: 3281f1eb65008c3c6176418f6c6f83b29d1e8482 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index d4a257c33b..7a7d06094e 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -118,6 +118,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                     goto end;
                 }
             }
+        } else if (certs != NULL) {
+            untrusted = certs;
         } else {
             untrusted = bs->certs;
         }
author	David von Oheimb <David.von.Oheimb@siemens.com>	2017-08-17 21:45:06 +0200
committer	Matt Caswell <matt@openssl.org>	2017-08-18 10:01:05 +0100
commit	f36fedcc764bdcadef30fe214f51b18a17f3f08c (patch)
tree	cb47db360accb07b5d98eb0d192ce329ebeb7ec3 /crypto/ocsp
parent	3281f1eb65008c3c6176418f6c6f83b29d1e8482 (diff)