projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 03d14f5)
Fix SuiteB chain checking logic.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 20 Nov 2014 14:06:50 +0000 (14:06 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 20 Nov 2014 22:14:29 +0000 (22:14 +0000)
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 7255ca99df1f2d83d99d113dd5ca54b88d50e72b)

ssl/t1_lib.c patch | blob | history

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 8e802a2e3f80a18783fb5313cd84fbb49445ff9d..d02ae19d58f47560a5f512d8dc1ebaf8f6fc8cc0 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4240,13 +4240,10 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
                if (check_flags)
                        check_flags |= CERT_PKEY_SUITEB;
                ok = X509_chain_check_suiteb(NULL, x, chain, suiteb_flags);
-               if (ok != X509_V_OK)
-                       {
-                       if (check_flags)
-                               rv |= CERT_PKEY_SUITEB;
-                       else
-                               goto end;
-                       }
+               if (ok == X509_V_OK)
+                       rv |= CERT_PKEY_SUITEB;
+               else if (!check_flags)
+                       goto end;
                }
 
        /* Check all signature algorithms are consistent with
Unnamed repository; edit this file 'description' to name the repository.