author | David von Oheimb <David.von.Oheimb@siemens.com> | 2017-08-16 14:00:05 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-08-16 14:32:38 -0400 |
commit | 121738d1cbfffa704eef4073510f13b419e6f08d (patch) | |
tree | 20df0658cc657091fc6888e01872aaa5d0516b72 /crypto | |
parent | e0584e96c1b37edeec0222e28b9c37f97c6bbc02 (diff) |
Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL
Now the certs arg is not any more neglected when building the signer cert chain.
Added case to test/recipes/80-test_ocsp.t proving fix for 3-level CA hierarchy.
See also http://rt.openssl.org/Ticket/Display.html?id=4620
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4124)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index e2cfa6dda5..809f7f41e1 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -73,6 +73,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, goto f_err; } } + } else if (certs != NULL) { + untrusted = certs; } else { untrusted = bs->certs; } |
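Review bot: in the new `else if (certs != NULL)` branch, `untrusted = certs;` makes `untrusted` alias the caller-owned stack, just as the final `else` aliases `bs->certs`. The cleanup code is outside this hunk, so please confirm that `untrusted` is freed only when it was built as a separate stack in the preceding branch (the one ending in `goto f_err;`), and never when it merely points at `certs` or `bs->certs`. A one-line comment on the two borrowing branches stating that no copy is made would make the ownership rule obvious to the next reader. Also, the commit message mentions a new case in test/recipes/80-test_ocsp.t, but the diffstat shown here is limited to 'crypto', so that test is not visible for review alongside this change.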