From: David von Oheimb <David.von.Oheimb@siemens.com>
Date: Thu, 17 Aug 2017 19:45:06 +0000 (+0200)
Subject: Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL (backport)
X-Git-Tag: OpenSSL_1_0_2m~37
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f36fedcc764bdcadef30fe214f51b18a17f3f08c;p=oweals%2Fopenssl.git

Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL (backport)

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4183)
---

diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index d4a257c33b..7a7d06094e 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -118,6 +118,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                     goto end;
                 }
             }
+        } else if (certs != NULL) {
+            untrusted = certs;
         } else {
             untrusted = bs->certs;
         }