author | Dr. Stephen Henson <steve@openssl.org> | 2008-07-30 15:41:42 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2008-07-30 15:41:42 +0000 |
commit | 592a207b94dadbd03f352e8f74133efc0a141e3d (patch) | |
tree | ae4bb9b89ee23f7741af42c7edcb1390e494c1cb /crypto | |
parent | 6bcbac0abb35992732b77912f1cdc07cf9b7adec (diff) |
Policy validation fixes.
Inhibit any policy count should ignore self issued certificates.
Require explicit policy is the number of certificates before an explicit policy
is required.
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509v3/pcy_tree.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index 846d3eae04..c8bfa3773c 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -134,7 +134,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
 if (!(x->ex_flags & EXFLAG_SI) && (cache->explicit_skip != -1) && (cache->explicit_skip < explicit_policy))
- explicit_policy = cache->explicit_skip;
+ explicit_policy = cache->explicit_skip + 1;
 }
 }
@@ -202,7 +202,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
 }
 else
 {
- any_skip--;
+ if (!(x->ex_flags & EXFLAG_SI))
+ any_skip--;
 if ((cache->any_skip >= 0) && (cache->any_skip < any_skip))
 any_skip = cache->any_skip; |
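Review bot: The `!(x->ex_flags & EXFLAG_SI)` term still guards the whole requireExplicitPolicy update in the first hunk, so a self-issued certificate that carries a policy constraints extension never lowers `explicit_policy`. The any_skip hunk in the same commit treats self-issued certificates differently: it exempts them only from the countdown and still applies `cache->any_skip`. As I read RFC 3280 section 6.1.4, only the decrement skips self-issued certificates, so the condition should probably be `if ((cache->explicit_skip != -1) && (cache->explicit_skip < explicit_policy))`, with any decrement guarded separately. Whether such a decrement exists in this loop is not visible, because tree_init starts and ends outside the hunk. The new `+ 1` also deserves a one-line comment stating the convention it encodes, for example `/* explicit_policy counts certificates, so a skip of N means N + 1 */`, since the comparison just above still uses the raw `explicit_skip`.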
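Review bot: The added `if (!(x->ex_flags & EXFLAG_SI))` guard in the second hunk has no comment saying why self-issued certificates are exempt from the countdown, and that rule is easy to undo in a later cleanup. I would add `/* Self-issued certificates do not count against the inhibit any policy skip count */` above it. The two hunks also test for an absent extension differently, with `cache->any_skip >= 0` here and `cache->explicit_skip != -1` in the first hunk. Using the `>= 0` form in both places would be consistent, and would also keep any other negative value from reaching the assignment if the cache ever held one. The enclosing `else` branch and the rest of tree_init lie outside the hunk.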