if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
last = sk_X509_num(ctx->chain) - 1;
else
+ {
+ /* If checking CRL paths this isn't the EE certificate */
+ if (ctx->parent)
+ return 1;
last = 0;
+ }
for(i = 0; i <= last; i++)
{
ctx->error_depth = i;
if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH))
{
- if (!check_crl_path(ctx, ctx->current_issuer))
+ if (check_crl_path(ctx, ctx->current_issuer) <= 0)
{
ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
ok = ctx->verify_cb(0, ctx);