diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-19 15:01:32 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-19 15:01:32 +0000 |
| commit | 54a0076e94dc411e3569bb069dd6d53f95787575 (patch) | |
| tree | 66c4d1d9f2f263aba087de68172eaeb31078c500 /crypto/ocsp | |
| parent | f8cab37bc1ebcfb06cd7bb3e51836cd8f1625fa2 (diff) | |
Check chain is not NULL before assuming we have a validated chain. The
modification to the OCSP helper purpose breaks normal OCSP verification. It is
no longer needed now we can trust partial chains.
Diffstat (limited to 'crypto/ocsp')
| -rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 2f7f59c59a..f7cd36beb7 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -109,7 +109,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, * (If the signer is a root certificate, X509_verify_cert() * would fail anyway!) */ - if (chain == certs) goto verified_chain; + if (chain && chain == certs) goto verified_chain; /* If we trust some "other" certificates, allow partial * chains (because some of them might be |