From f36fedcc764bdcadef30fe214f51b18a17f3f08c Mon Sep 17 00:00:00 2001 From: David von Oheimb Date: Thu, 17 Aug 2017 21:45:06 +0200 Subject: [PATCH] Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL (backport) Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/4183) --- crypto/ocsp/ocsp_vfy.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index d4a257c33b..7a7d06094e 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -118,6 +118,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, goto end; } } + } else if (certs != NULL) { + untrusted = certs; } else { untrusted = bs->certs; } -- 2.25.1