authortb <tb@openbsd.org>2020-10-26 12:01:01 +0000
committertb <tb@openbsd.org>2020-10-26 12:01:01 +0000
commit3cb8f152662978025c22a17b7ad15db3f9ed31dd (patch)
tree6ac82bf39736e2d6a67f982bd489753fc6474c61
parentIf x509_verify() fails, ensure that the error is also set on the store (diff)
Add a safety net to ensure that we set an error on the store context.
Suggested by and discussed with beck
-rw-r--r--lib/libcrypto/x509/x509_verify.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c
index 74316cb9411..124d4ba34ee 100644
--- a/lib/libcrypto/x509/x509_verify.c
+++ b/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.15 2020/10/26 11:59:16 tb Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.16 2020/10/26 12:01:01 tb Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
@@ -932,6 +932,8 @@ x509_verify(struct x509_verify_ctx *ctx, X509 *leaf, char *name)
return (ctx->chains_count);
err:
+ if (ctx->error == X509_V_OK)
+ ctx->error = X509_V_ERR_UNSPECIFIED;
if (ctx->xsc != NULL)
ctx->xsc->error = ctx->error;
return 0;
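Review bot: The new fallback under `err:` has no comment stating the invariant it enforces, so a later cleanup could mistake it for dead code. Without it, a failed x509_verify() that left `ctx->error` at `X509_V_OK` would copy a success code into `ctx->xsc->error`, and any caller that reads the store error rather than the return value would presumably treat the chain as verified. I would add `/* A failure must never be reported with X509_V_OK; callers may check the error instead of the return value. */` above the check. The function body starts outside the hunk, so the paths that reach `err:` without setting an error are not visible here. Because `X509_V_ERR_UNSPECIFIED` hides which path it was, those paths are worth fixing at their source as well.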