diff options
Diffstat (limited to 'crypto/x509/x509_vfy.c')
-rw-r--r-- | crypto/x509/x509_vfy.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 8a7f1ba8e8..817901e6cb 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2230,6 +2230,12 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, /* If purpose not set use default */ if (purpose == 0) purpose = def_purpose; + /* + * If purpose is set but we don't have a default then set the default to + * the current purpose + */ + else if (def_purpose == 0) + def_purpose = purpose; /* If we have a purpose then check it is valid */ if (purpose != 0) { X509_PURPOSE *ptmp; @@ -2242,11 +2248,6 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, ptmp = X509_PURPOSE_get0(idx); if (ptmp->trust == X509_TRUST_DEFAULT) { idx = X509_PURPOSE_get_by_id(def_purpose); - /* - * XXX: In the two callers above def_purpose is always 0, which is - * not a known value, so idx will always be -1. How is the - * X509_TRUST_DEFAULT case actually supposed to be handled? - */ if (idx == -1) { ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_PURPOSE_ID); return 0; |