for (i = 0; i < sk_X509_num(trust); i++) {
issuer = sk_X509_value(trust, i);
if ((*check_issued)(store_ctx, cert, issuer)) {
- if (X509_add_cert(chain, cert, X509_ADD_FLAG_UP_REF))
+ if (X509_add_cert(chain, issuer, X509_ADD_FLAG_UP_REF))
ok = 1;
break;
}
if ((csc = X509_STORE_CTX_new_ex(libctx, propq)) == NULL
|| !X509_STORE_CTX_init(csc, ts, target, untrusted))
goto err;
+ X509_STORE_CTX_set_flags(csc, X509_V_FLAG_CHECK_SS_SIGNATURE);
X509_STORE_CTX_set_verify_cb(csc, selfsigned_verify_cb);
ok = X509_verify_cert(csc) > 0;
int res = 0;
if (trusted != NULL) {
- X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts);
+ X509_VERIFY_PARAM *vpm = (ts == NULL) ? NULL
+ : X509_STORE_get0_param(ts);
if ((ts = X509_STORE_new()) == NULL)
return 0;
projects / thirdparty / openssl.git / commitdiff
