From: Dr. Stephen Henson <steve@openssl.org>
Date: Sun, 21 Sep 2003 02:18:15 +0000 (+0000)
Subject: In order to get the expected self signed error when
X-Git-Tag: BEN_FIPS_TEST_4^2~11^2~110
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7068c8b1a6b9f88fc96f9de78147a08c16b3639a;p=oweals%2Fopenssl.git

In order to get the expected self signed error when
calling X509_verify_cert() in x509.c the cert should
not be added to the trusted store.
---

diff --git a/apps/x509.c b/apps/x509.c
index f0ef5596fa..036e255054 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -1103,7 +1103,7 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
 	else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
 		goto end;
 
-	if (!X509_STORE_add_cert(ctx,x)) goto end;
+/*	if (!X509_STORE_add_cert(ctx,x)) goto end;*/
 
 	/* NOTE: this certificate can/should be self signed, unless it was
 	 * a certificate request in which case it is not. */