projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2e43027) | patch
Fix verify algorithm.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 24 Mar 2015 16:21:21 +0000 (16:21 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 24 Mar 2015 17:35:59 +0000 (17:35 +0000)
commite5991ec528b1c339062440811e2641f5ea2b328b
treeddc57a4cb678bb4aeb1261d702d7711f1d86a001tree | snapshot
parent2e430277578d3dd586cd005682a54a59d6158146commit | diff
Fix verify algorithm.

Disable loop checking when we retry verification with an alternative path.
This fixes the case where an intermediate CA is explicitly trusted and part
of the untrusted certificate list. By disabling loop checking for this case
the untrusted CA can be replaced by the explicitly trusted case and
verification will succeed.

Reviewed-by: Matt Caswell <matt@openssl.org>
crypto/x509/x509_vfy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.