diff options
author | Dr. David von Oheimb <dev@ddvo.net> | 2021-01-27 22:13:30 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-07-21 11:46:18 +0200 |
commit | 4672e5de9e22a752870c9a05e0a92faef9e6f340 (patch) | |
tree | bbb19d03ec3a39680a6604cb02506e6e5d451464 /ssl | |
parent | ee11462d31e0f05bc75264ab40bf90ae55cb1d7c (diff) |
tls_process_{client,server}_certificate(): allow verify_callback return > 1
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13937)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/statem/statem_clnt.c | 4 | ||||
-rw-r--r-- | ssl/statem/statem_srvr.c | 4 |
2 files changed, 0 insertions, 8 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index d5aa8797ff..d12d1e947e 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1884,10 +1884,6 @@ WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst) return WORK_ERROR; } ERR_clear_error(); /* but we keep s->verify_result */ - if (i > 1) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, i); - return WORK_ERROR; - } /* * Inconsistency alert: cert_chain does include the peer's certificate, diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 35e023b781..2be50733fe 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3524,10 +3524,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) SSL_R_CERTIFICATE_VERIFY_FAILED); goto err; } - if (i > 1) { - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, i); - goto err; - } pkey = X509_get0_pubkey(sk_X509_value(sk, 0)); if (pkey == NULL) { SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, |