diff options
author | Kyungwook Tak <k.tak@samsung.com> | 2015-08-31 16:19:30 +0900 |
---|---|---|
committer | Kyungwook Tak <k.tak@samsung.com> | 2015-08-31 16:21:32 +0900 |
commit | ca2b56e2594c5e549d1c5c2e0ea625770f59bb75 (patch) | |
tree | 7712fcee7b020d7ebc0820aac202f8af2de6a924 /crypto/ocsp/ocsp_vfy.c | |
parent | a23523f545972af9d67393bb41a17e1564e36cd4 (diff) | |
parent | 13ea66c69fd44fadc3e1493311a74537b8cb5d7c (diff) | |
download | openssl-ca2b56e2594c5e549d1c5c2e0ea625770f59bb75.tar.gz openssl-ca2b56e2594c5e549d1c5c2e0ea625770f59bb75.tar.bz2 openssl-ca2b56e2594c5e549d1c5c2e0ea625770f59bb75.zip |
Upgrade openssl version to 1.0.1ptizen_3.0.m2.a1_tv_releasetizen_3.0.m2.a1_mobile_releasetizen_3.0.m1_tv_releasetizen_3.0.m1_mobile_releasesubmit/tizen_common/20151026.085049submit/tizen_common/20151023.083358submit/tizen_common/20151019.135620submit/tizen_common/20151015.190624submit/tizen/20150831.092033submit/tizen/20150831.090327accepted/tizen/wearable/20150901.083422accepted/tizen/tv/20150901.083409accepted/tizen/mobile/20150901.083356tizen_3.0.m1_tvtizen_3.0.m1_mobile
Change-Id: I4adbd2d17c72f228aea1396678f1e11a67b63bdc
Diffstat (limited to 'crypto/ocsp/ocsp_vfy.c')
-rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 6c0ccb5..d4a257c 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -83,6 +83,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, { X509 *signer, *x; STACK_OF(X509) *chain = NULL; + STACK_OF(X509) *untrusted = NULL; X509_STORE_CTX ctx; int i, ret = 0; ret = ocsp_find_signer(&signer, bs, certs, st, flags); @@ -107,10 +108,20 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, } if (!(flags & OCSP_NOVERIFY)) { int init_res; - if (flags & OCSP_NOCHAIN) - init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); - else - init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); + if (flags & OCSP_NOCHAIN) { + untrusted = NULL; + } else if (bs->certs && certs) { + untrusted = sk_X509_dup(bs->certs); + for (i = 0; i < sk_X509_num(certs); i++) { + if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE); + goto end; + } + } + } else { + untrusted = bs->certs; + } + init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); if (!init_res) { ret = -1; OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); @@ -161,6 +172,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, end: if (chain) sk_X509_pop_free(chain, X509_free); + if (bs->certs && certs) + sk_X509_free(untrusted); return ret; } |