diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2001-05-24 22:58:35 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2001-05-24 22:58:35 +0000 |
commit | 76c919c1a3751df1747fc67620263d663c9b7ba1 (patch) | |
tree | 4cd696c4e91a3df4ced00ba72f6509fbc7c10f4a /crypto/x509/x509_trs.c | |
parent | 98405f240be550ff3c15a8f54cdf79c5580c371f (diff) |
Add missing variable length cipher flag for Blowfish.
Only use trust settings if either trust or reject settings
are present, otherwise use compatibility mode. This stops
root CAs being rejected if they have alias of keyid set.
Diffstat (limited to 'crypto/x509/x509_trs.c')
-rw-r--r-- | crypto/x509/x509_trs.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index c164badbe4..f0b93489d7 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -241,7 +241,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp) static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) { - if(x->aux) return obj_trust(trust->arg1, x, flags); + if(x->aux && (x->aux->trust || x->aux->reject)) + return obj_trust(trust->arg1, x, flags); /* we don't have any trust settings: for compatibility * we return trusted if it is self signed */ |