Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL

Now the certs arg is not any more neglected when building the signer cert chain. Added case to test/recipes/80-test_ocsp.t proving fix for 3-level CA hierarchy. See also http://rt.openssl.org/Ticket/Display.html?id=4620 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4124)
author: David von Oheimb <David.von.Oheimb@siemens.com> 2017-08-16 14:00:05 -0400
committer: Rich Salz <rsalz@openssl.org> 2017-08-16 14:32:38 -0400
commit: 121738d1cbfffa704eef4073510f13b419e6f08d (patch)
tree: 20df0658cc657091fc6888e01872aaa5d0516b72 /crypto/ocsp
parent: e0584e96c1b37edeec0222e28b9c37f97c6bbc02 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index e2cfa6dda5..809f7f41e1 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -73,6 +73,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                     goto f_err;
                 }
             }
+        } else if (certs != NULL) {
+            untrusted = certs;
         } else {
             untrusted = bs->certs;
         }
author	David von Oheimb <David.von.Oheimb@siemens.com>	2017-08-16 14:00:05 -0400
committer	Rich Salz <rsalz@openssl.org>	2017-08-16 14:32:38 -0400
commit	121738d1cbfffa704eef4073510f13b419e6f08d (patch)
tree	20df0658cc657091fc6888e01872aaa5d0516b72 /crypto/ocsp
parent	e0584e96c1b37edeec0222e28b9c37f97c6bbc02 (diff)