Check chain is not NULL before assuming we have a validated chain. The

modification to the OCSP helper purpose breaks normal OCSP verification. It is no longer needed now we can trust partial chains.
author: Dr. Stephen Henson <steve@openssl.org> 2012-12-19 15:01:32 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2012-12-19 15:01:32 +0000
commit: 54a0076e94dc411e3569bb069dd6d53f95787575 (patch)
tree: 66c4d1d9f2f263aba087de68172eaeb31078c500 /crypto/x509v3/v3_purp.c
parent: f8cab37bc1ebcfb06cd7bb3e51836cd8f1625fa2 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index b1eeaf9cf1..0774cbf827 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -87,7 +87,7 @@ static X509_PURPOSE xstandard[] = {
 	{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
 	{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
 	{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
-	{X509_PURPOSE_OCSP_HELPER, X509_TRUST_OCSP_SIGN, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
+	{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
 	{X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL},
 };
author	Dr. Stephen Henson <steve@openssl.org>	2012-12-19 15:01:32 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2012-12-19 15:01:32 +0000
commit	54a0076e94dc411e3569bb069dd6d53f95787575 (patch)
tree	66c4d1d9f2f263aba087de68172eaeb31078c500 /crypto/x509v3/v3_purp.c
parent	f8cab37bc1ebcfb06cd7bb3e51836cd8f1625fa2 (diff)