/* pcy_tree.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2004.
*/
/* ====================================================================
ret = 2;
if (explicit_policy > 0)
{
- explicit_policy--;
- if (!(x->ex_flags & EXFLAG_SS)
- && (cache->explicit_skip != -1)
+ if (!(x->ex_flags & EXFLAG_SI))
+ explicit_policy--;
+ if ((cache->explicit_skip != -1)
&& (cache->explicit_skip < explicit_policy))
explicit_policy = cache->explicit_skip;
}
tree->auth_policies = NULL;
tree->user_policies = NULL;
- if (!tree)
+ if (!tree->levels)
{
OPENSSL_free(tree);
return 0;
/* Any matching allowed if certificate is self
* issued and not the last in the chain.
*/
- if (!(x->ex_flags & EXFLAG_SS) || (i == 0))
+ if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
level->flags |= X509_V_FLAG_INHIBIT_ANY;
}
else
{
- any_skip--;
- if ((cache->any_skip > 0)
+ if (!(x->ex_flags & EXFLAG_SI))
+ any_skip--;
+ if ((cache->any_skip >= 0)
&& (cache->any_skip < any_skip))
any_skip = cache->any_skip;
}
else
{
map_skip--;
- if ((cache->map_skip > 0)
+ if ((cache->map_skip >= 0)
&& (cache->map_skip < map_skip))
map_skip = cache->map_skip;
}
if (data == NULL)
return 0;
- data->qualifier_set = curr->anyPolicy->data->qualifier_set;
+ /* Curr may not have anyPolicy */
+ data->qualifier_set = cache->anyPolicy->qualifier_set;
data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
if (!level_add_node(curr, data, node, tree))
{