From a8d8e06b0ac06c421fd11cc1772126dcb98f79ae Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Wed, 2 Sep 2015 22:01:18 +0100
Subject: Avoid direct X509 structure access

Reviewed-by: Tim Hudson <tjh@openssl.org>
---
 crypto/ocsp/ocsp_vfy.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'crypto/ocsp')

diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index d2693c7c54..9dd3f3a20a 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -355,8 +355,8 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
 
 static int ocsp_check_delegated(X509 *x, int flags)
 {
-    X509_check_purpose(x, -1, 0);
-    if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN))
+    if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
+        && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
         return 1;
     OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
     return 0;
-- 
cgit v1.2.3