projects / oweals / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3281f1e)
Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL (backport)
authorDavid von Oheimb <David.von.Oheimb@siemens.com>
Thu, 17 Aug 2017 19:45:06 +0000 (21:45 +0200)
committerMatt Caswell <matt@openssl.org>
Fri, 18 Aug 2017 09:01:05 +0000 (10:01 +0100)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4183)

crypto/ocsp/ocsp_vfy.c patch | blob | history

diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index d4a257c33bb593af42578d81e288a7e24068c569..7a7d06094edfe41c54952da50018da02c4fc8d17 100644 (file)
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -118,6 +118,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                     goto end;
                 }
             }
+        } else if (certs != NULL) {
+            untrusted = certs;
         } else {
             untrusted = bs->certs;
         }
Unnamed repository; edit this file 'description' to name the repository.