authortb <tb@openbsd.org>2020-10-26 11:56:36 +0000
committertb <tb@openbsd.org>2020-10-26 11:56:36 +0000
commitf31559c1104ef6f75ebac8460b57423cdcae6159 (patch)
treecc06c2d5a6fc935f03b1a372da052378e9e512d8
parentAdd a -legacy_verify flag to force use of the old validator for debugging (diff)
Make sure that x509_vfy_check_id() failure also sets ctx->error, not only
ctx->xsc->error. Will be needed in an upcoming diff. from beck
-rw-r--r--lib/libcrypto/x509/x509_verify.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c
index 0c32cd04b74..fdde098df7a 100644
--- a/lib/libcrypto/x509/x509_verify.c
+++ b/lib/libcrypto/x509/x509_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.13 2020/09/26 15:44:06 jsing Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.14 2020/10/26 11:56:36 tb Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
@@ -458,8 +458,13 @@ x509_verify_cert_hostname(struct x509_verify_ctx *ctx, X509 *cert, char *name)
size_t len;
if (name == NULL) {
- if (ctx->xsc != NULL)
- return x509_vfy_check_id(ctx->xsc);
+ if (ctx->xsc != NULL) {
+ int ret;
+
+ if ((ret = x509_vfy_check_id(ctx->xsc)) == 0)
+ ctx->error = ctx->xsc->error;
+ return ret;
+ }
return 1;
}
if ((candidate = strdup(name)) == NULL) {
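Review bot: The new `name == NULL` branch copies `ctx->xsc->error` into `ctx->error` without checking that the value is actually an error code, so it depends on x509_vfy_check_id() always recording one before it returns 0. That callee is not visible in this hunk; if it can ever return 0 while the error is still `X509_V_OK`, a caller reading `ctx->error` would see a failed identity check paired with a success code. Either state the contract in a comment above the assignment, for example `/* x509_vfy_check_id() is expected to set xsc->error whenever it returns 0 */`, or fail closed with `ctx->error = ctx->xsc->error != X509_V_OK ? ctx->xsc->error : X509_V_ERR_UNSPECIFIED;`. The test `== 0` also treats only zero as failure, which is worth confirming against the callee's return values. The body of x509_verify_cert_hostname() starts before and continues after this hunk.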