From 1f00dc4f8c0ef0101368de2adf22495e5e295114 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb"
Date: Sat, 9 Jul 2022 11:09:08 +0200
Subject: [PATCH] x509_vfy.c: Revert the core of #14094 regarding chain_build() error reporting

The problem of producing to-the-point diagnostics will be fixed in a follow-up PR.
Fixes #18691
Reviewed-by: Viktor Dukhovni
Reviewed-by: Tomas Mraz
Reviewed-by: Paul Dale
Reviewed-by: David von Oheimb
(Merged from https://github.com/openssl/openssl/pull/18758)
---
 crypto/x509/x509_vfy.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index df7cb7d5ea8..6a8a834b7d5 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -359,8 +359,6 @@ static int check_issued(ossl_unused X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 * SUBJECT_ISSUER_MISMATCH just means 'x' is clearly not issued by 'issuer'.
 * Every other error code likely indicates a real error.
 */
- if (err != X509_V_ERR_SUBJECT_ISSUER_MISMATCH)
- ctx->error = err;
 return 0;
 }
@@ -3014,7 +3012,6 @@ static int build_chain(X509_STORE_CTX *ctx)
 int alt_untrusted = 0;
 int max_depth;
 int ok = 0;
- int prev_error = ctx->error;
 int i;
 /* Our chain starts with a single untrusted element. */
@@ -3296,8 +3293,6 @@ static int build_chain(X509_STORE_CTX *ctx)
 switch (trust) {
 case X509_TRUST_TRUSTED:
- /* Must restore any previous error value for backward compatibility */
- ctx->error = prev_error;
 return 1;
 case X509_TRUST_REJECTED:
 /* Callback already issued */
--
2.47.3