X509 verification fixes.

Ignore self issued certificates when checking path length constraints. Duplicate OIDs in policy tree in case they are allocated. Use anyPolicy from certificate cache and not current tree level.
author: Dr. Stephen Henson <steve@openssl.org> 2008-07-13 14:25:36 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2008-07-13 14:25:36 +0000
commit: db50661fce82a8f32bccaa7454be4041cbfad6d0 (patch)
tree: 761d5622052f34f9e45f906bff544792af5efc75 /crypto/x509v3/pcy_data.c
parent: f9afd9f861bc7b5fc1ae32ceff15572ef73cbbec (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c
index 614d2b4935..4711b1ee92 100644
--- a/crypto/x509v3/pcy_data.c
+++ b/crypto/x509v3/pcy_data.c
@@ -87,6 +87,12 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit)
 	X509_POLICY_DATA *ret;
 	if (!policy && !id)
 		return NULL;
+	if (id)
+		{
+		id = OBJ_dup(id);
+		if (!id)
+			return NULL;
+		}
 	ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
 	if (!ret)
 		return NULL;
@@ -94,6 +100,8 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit)
 	if (!ret->expected_policy_set)
 		{
 		OPENSSL_free(ret);
+		if (id)
+			ASN1_OBJECT_free(id);
 		return NULL;
 		}
author	Dr. Stephen Henson <steve@openssl.org>	2008-07-13 14:25:36 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2008-07-13 14:25:36 +0000
commit	db50661fce82a8f32bccaa7454be4041cbfad6d0 (patch)
tree	761d5622052f34f9e45f906bff544792af5efc75 /crypto/x509v3/pcy_data.c
parent	f9afd9f861bc7b5fc1ae32ceff15572ef73cbbec (diff)