Revert previous change that changed our default return for unable to
authorbeck <beck@openbsd.org>
Mon, 30 Aug 2021 08:59:33 +0000 (08:59 +0000)
committerbeck <beck@openbsd.org>
Mon, 30 Aug 2021 08:59:33 +0000 (08:59 +0000)
find leaf cert issuers.  This breaks perl and ruby regress, as noticed
by tb that "we tried this before".

Jan's regress that cares about 21 vs 20 needs to change
ok tb@

lib/libcrypto/x509/x509_verify.c

index 51108bb..39371ef 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_verify.c,v 1.46 2021/08/30 06:51:36 beck Exp $ */
+/* $OpenBSD: x509_verify.c,v 1.47 2021/08/30 08:59:33 beck Exp $ */
 /*
  * Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
  *
@@ -132,11 +132,8 @@ x509_verify_chain_append(struct x509_verify_chain *chain, X509 *cert,
         * We've just added the issuer for the previous certificate,
         * clear its error if appropriate.
         */
-       if (idx > 1 &&
-           (chain->cert_errors[idx - 1] ==
-           X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
-           chain->cert_errors[idx - 1] ==
-           X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
+       if (idx > 1 && chain->cert_errors[idx - 1] ==
+           X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
                chain->cert_errors[idx - 1] = X509_V_OK;
 
        return 1;
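Review bot: The reverted check on the new lines `if (idx > 1 && chain->cert_errors[idx - 1] == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)` carries no hint that the narrower condition is deliberate, so the next reader is likely to add X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE back exactly as the parent commit (v1.46) did. A short comment above it would break that cycle, e.g. `/* Deliberately only the "locally" error: reporting UNABLE_TO_VERIFY_LEAF_SIGNATURE for a leaf broke existing callers (perl/ruby regress), see the v1.46 -> v1.47 revert. */`, and the same note applies to the matching clear in x509_verify_ctx_add_chain and to the ctx->error assignment in x509_verify_build_chains. Separately, the `idx > 1` guard means the error recorded at index 0 is never cleared here when its issuer is appended at idx == 1; if that is intended because the leaf's error is resolved elsewhere, the comment could say so, since nothing in the hunk shows where. x509_verify_chain_append begins outside the hunk.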
@@ -409,9 +406,7 @@ x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx,
 
        /* Clear a get issuer failure for a root certificate. */
        if (chain->cert_errors[depth] ==
-           X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
-           chain->cert_errors[depth] ==
-           X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)
+           X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
                chain->cert_errors[depth] = X509_V_OK;
 
        if (!x509_verify_ctx_validate_legacy_chain(ctx, chain, depth))
@@ -601,8 +596,7 @@ x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert,
                return;
 
        count = ctx->chains_count;
-       ctx->error = depth == 0 ? X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE :
-           X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
+       ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
        ctx->error_depth = depth;
        if (ctx->xsc != NULL) {
                /*