diff options
| author |   jsing <jsing@openbsd.org> | 2021-02-25 16:58:59 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2021-02-25 16:58:59 +0000 |
| commit | 5d6c97755a6b6228e1f7931f69d0ade46cf92c99 (patch) | |
| tree | b4ef646b29492bdff6663ca323f78ae248a16871 | |
| parent | Avoid passing last and depth to x509_verify_cert_error() on ENOMEM. (diff) | |
| download | wireguard-openbsd-5d6c97755a6b6228e1f7931f69d0ade46cf92c99.tar.xz wireguard-openbsd-5d6c97755a6b6228e1f7931f69d0ade46cf92c99.zip | |
Rename depth to num_untrusted so it identifies what it actually represents.
ok tb@
| -rw-r--r-- | lib/libcrypto/x509/x509_verify.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c index 62cbb7cef80..02db436b1ad 100644 --- a/lib/libcrypto/x509/x509_verify.c +++ b/lib/libcrypto/x509/x509_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.c,v 1.32 2021/02/25 16:57:10 jsing Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.33 2021/02/25 16:58:59 jsing Exp $ */ /* * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org> * @@ -197,22 +197,22 @@ static int x509_verify_ctx_set_xsc_chain(struct x509_verify_ctx *ctx, struct x509_verify_chain *chain, int set_error, int is_trusted) { - size_t depth; + size_t num_untrusted; int i; if (ctx->xsc == NULL) return 1; - depth = sk_X509_num(chain->certs); - if (is_trusted && depth > 0) - depth--; /* * XXX last_untrusted is actually the number of untrusted certs at the * bottom of the chain. This works now since we stop at the first * trusted cert. This will need fixing once we allow more than one * trusted certificate. */ - ctx->xsc->last_untrusted = depth; + num_untrusted = sk_X509_num(chain->certs); + if (is_trusted && num_untrusted > 0) + num_untrusted--; + ctx->xsc->last_untrusted = num_untrusted; sk_X509_pop_free(ctx->xsc->chain, X509_free); ctx->xsc->chain = X509_chain_up_ref(chain->certs); |