diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2014-11-20 14:06:50 +0000 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2014-11-20 22:13:05 +0000 |
| commit | 7255ca99df1f2d83d99d113dd5ca54b88d50e72b (patch) | |
| tree | 49fc18f197e4409f6960974a79e2d8783ccd6e83 /ssl/t1_lib.c | |
| parent | c56a50b229932d2cef651d931b71a8cbffb029da (diff) | |
Fix SuiteB chain checking logic.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl/t1_lib.c')
| -rw-r--r-- | ssl/t1_lib.c | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8b2b16bc87..e0f28d254b 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -4294,13 +4294,10 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, if (check_flags) check_flags |= CERT_PKEY_SUITEB; ok = X509_chain_check_suiteb(NULL, x, chain, suiteb_flags); - if (ok != X509_V_OK) - { - if (check_flags) - rv |= CERT_PKEY_SUITEB; - else - goto end; - } + if (ok == X509_V_OK) + rv |= CERT_PKEY_SUITEB; + else if (!check_flags) + goto end; } /* Check all signature algorithms are consistent with |