tls_process_{client,server}_certificate(): allow verify_callback return > 1

Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13937)
author: Dr. David von Oheimb <dev@ddvo.net> 2021-01-27 22:13:30 +0100
committer: Dr. David von Oheimb <dev@ddvo.net> 2021-07-21 11:46:18 +0200
commit: 4672e5de9e22a752870c9a05e0a92faef9e6f340 (patch)
tree: bbb19d03ec3a39680a6604cb02506e6e5d451464 /ssl
parent: ee11462d31e0f05bc75264ab40bf90ae55cb1d7c (diff)
2 files changed, 0 insertions, 8 deletions
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index d5aa8797ff..d12d1e947e 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1884,10 +1884,6 @@ WORK_STATE tls_post_process_server_certificate(SSL *s, WORK_STATE wst)
         return WORK_ERROR;
     }
     ERR_clear_error();          /* but we keep s->verify_result */
-    if (i > 1) {
-        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, i);
-        return WORK_ERROR;
-    }
 
     /*
      * Inconsistency alert: cert_chain does include the peer's certificate,
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 35e023b781..2be50733fe 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3524,10 +3524,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
                      SSL_R_CERTIFICATE_VERIFY_FAILED);
             goto err;
         }
-        if (i > 1) {
-            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, i);
-            goto err;
-        }
         pkey = X509_get0_pubkey(sk_X509_value(sk, 0));
         if (pkey == NULL) {
             SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
author	Dr. David von Oheimb <dev@ddvo.net>	2021-01-27 22:13:30 +0100
committer	Dr. David von Oheimb <dev@ddvo.net>	2021-07-21 11:46:18 +0200
commit	4672e5de9e22a752870c9a05e0a92faef9e6f340 (patch)
tree	bbb19d03ec3a39680a6604cb02506e6e5d451464 /ssl
parent	ee11462d31e0f05bc75264ab40bf90ae55cb1d7c (diff)