Ensure leaf is set up on X509_STORE_CTX before verification.

Previously the leaf certificate was only being set up on the X509_STORE_CTX
after two verification steps were performed, however at least one of those
steps could result in the verification callback being triggered and
existing code breaking.

Issue noticed by Raf Czlonka when attempting to connect to talk.google.com
using profanity (which does not set SNI and ends up receiving an invalid
certificate).

ok beck@ deraadt@ tb@

1 files changed, 7 insertions, 9 deletions

diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c
index 53a06b193b4..0c32cd04b74 100644
--- a/lib/libcrypto/x509/x509_verify.c
+++ b/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.12 2020/09/23 18:20:16 jsing Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.13 2020/09/26 15:44:06 jsing Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -862,15 +862,7 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name)
 			return 0;
 		}
 		leaf = ctx->xsc->cert;
-	}
-
-	if (!x509_verify_cert_valid(ctx, leaf, NULL))
-		return 0;
-
-	if (!x509_verify_cert_hostname(ctx, leaf, name))
-		return 0;
 
-	if (ctx->xsc != NULL) {
 		/*
 		 * XXX
 		 * The legacy code expects the top level cert to be
@@ -895,6 +887,12 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name)
 		ctx->xsc->current_cert = leaf;
 	}
 
+	if (!x509_verify_cert_valid(ctx, leaf, NULL))
+		return 0;
+
+	if (!x509_verify_cert_hostname(ctx, leaf, name))
+		return 0;
+
 	if ((current_chain = x509_verify_chain_new()) == NULL) {
 		ctx->error = X509_V_ERR_OUT_OF_MEM;
 		return 0;