author David von Oheimb <David.von.Oheimb@siemens.com> 2017-08-16 14:00:05 -0400
committer Rich Salz <rsalz@openssl.org> 2017-08-16 14:36:48 -0400
commit bfb10f970f792bf4a13fc6244b8752e70589b9c6
tree 1b9ef7757bd0d51b72c0070a1fdf65a3570661f3 /crypto/ocsp
parent e7f235768d0c218657d06db625478dbdf4e1290f
Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL
Now the certs arg is not any more neglected when building the signer cert chain.
Added case to test/recipes/80-test_ocsp.t proving fix for 3-level CA hierarchy.
See also http://rt.openssl.org/Ticket/Display.html?id=4620

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4124)
(cherry picked from commit 121738d1cbfffa704eef4073510f13b419e6f08d)
Diffstat (limited to 'crypto/ocsp')
-rw-r--r-- crypto/ocsp/ocsp_vfy.c | 2
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index e2cfa6dda5..809f7f41e1 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -73,6 +73,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
goto f_err;
}
}
+ } else if (certs != NULL) {
+ untrusted = certs;
} else {
untrusted = bs->certs;
}
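Review bot: The new `else if (certs != NULL)` branch makes `untrusted` an alias of the caller-owned `certs` stack, and nothing in this hunk shows how the exit path of OCSP_basic_verify() tells that case apart from the earlier branch, which has a failure path (`goto f_err`) and so presumably builds its own stack. Please confirm that the cleanup only frees `untrusted` when it was built locally, and add a short comment above `untrusted = certs;` stating which case it covers (per the commit title, `bs->certs` being NULL), since the condition of the preceding branch lies outside the visible context. The regression case the commit message mentions is in test/recipes/80-test_ocsp.t, which this path-limited diff does not show, so it has to be reviewed separately.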