diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2012-12-15 02:58:00 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2012-12-15 02:58:00 +0000 |
commit | e9754726d236b74476cd0be5fa60acfef0c7024f (patch) | |
tree | 7bab3fd41336b81893b28ba19489919fdc55ee8c /crypto/ocsp/ocsp_vfy.c | |
parent | 99fc818e93c28b02e5c0f681fcc5af7489893f9f (diff) | |
download | openssl-new-e9754726d236b74476cd0be5fa60acfef0c7024f.tar.gz |
Check chain is not NULL before assuming we have a validated chain.
The modification to the OCSP helper purpose breaks normal OCSP verification.
It is no longer needed now we can trust partial chains.
Diffstat (limited to 'crypto/ocsp/ocsp_vfy.c')
-rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 2f7f59c59a..f7cd36beb7 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -109,7 +109,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, * (If the signer is a root certificate, X509_verify_cert() * would fail anyway!) */ - if (chain == certs) goto verified_chain; + if (chain && chain == certs) goto verified_chain; /* If we trust some "other" certificates, allow partial * chains (because some of them might be |