From: Dr. Stephen Henson <steve@openssl.org>
Date: Fri, 14 Feb 2014 15:07:01 +0000 (+0000)
Subject: Include TA in checks/callback with partial chains.
X-Git-Tag: OpenSSL_1_0_2-beta1~30
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=b07e4f2f46fc286c306353d5e362cbc22c8547fb;p=oweals%2Fopenssl.git

Include TA in checks/callback with partial chains.

When a chain is complete and ends in a trusted root checks are also
performed on the TA and the callback notified with ok==1. For
consistency do the same for chains where the TA is not self signed.
(cherry picked from commit 385b3486661628f3f806205752bf968b8114b347)
---

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 07cd09f69d..5f91b01666 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1735,7 +1735,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
 		xs=xi;
 	else
 		{
-		if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
+		if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN)
 			{
 			xs = xi;
 			goto check_cert;