OpenSSL PR#3309: when looking for an extension, set the last found position

author sthen <sthen@openbsd.org>

Thu, 17 Apr 2014 09:18:20 +0000 (09:18 +0000)

committer sthen <sthen@openbsd.org>

Thu, 17 Apr 2014 09:18:20 +0000 (09:18 +0000)
author sthen <sthen@openbsd.org>
Thu, 17 Apr 2014 09:18:20 +0000 (09:18 +0000)
committer sthen <sthen@openbsd.org>
Thu, 17 Apr 2014 09:18:20 +0000 (09:18 +0000)
diff --git a/lib/libcrypto/x509v3/v3_purp.c b/lib/libcrypto/x509v3/v3_purp.c

index ad68865..f59bfc1 100644 (file)
--- a/lib/libcrypto/x509v3/v3_purp.c
+++ b/lib/libcrypto/x509v3/v3_purp.c
@@ -389,8 +389,8 @@ static void x509v3_cache_extensions(X509 *x)
         /* Handle proxy certificates */
         if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
                 if (x->ex_flags & EXFLAG_CA
-                   || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
-                   || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
+                   || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
+                   || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
                         x->ex_flags |= EXFLAG_INVALID;
                 }
                 if (pci->pcPathLengthConstraint) {
@@ -670,7 +670,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
                 return 0;
  
         /* Extended Key Usage MUST be critical */
-       i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0);
+       i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1);
         if (i_ext >= 0)
                 {
                 X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);
diff --git a/lib/libssl/src/crypto/x509v3/v3_purp.c b/lib/libssl/src/crypto/x509v3/v3_purp.c

index ad68865..f59bfc1 100644 (file)
--- a/lib/libssl/src/crypto/x509v3/v3_purp.c
+++ b/lib/libssl/src/crypto/x509v3/v3_purp.c
@@ -389,8 +389,8 @@ static void x509v3_cache_extensions(X509 *x)
         /* Handle proxy certificates */
         if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
                 if (x->ex_flags & EXFLAG_CA
-                   || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
-                   || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
+                   || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
+                   || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
                         x->ex_flags |= EXFLAG_INVALID;
                 }
                 if (pci->pcPathLengthConstraint) {
@@ -670,7 +670,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
                 return 0;
  
         /* Extended Key Usage MUST be critical */
-       i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0);
+       i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1);
         if (i_ext >= 0)
                 {
                 X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);
author	sthen <sthen@openbsd.org>
	Thu, 17 Apr 2014 09:18:20 +0000 (09:18 +0000)
committer	sthen <sthen@openbsd.org>
	Thu, 17 Apr 2014 09:18:20 +0000 (09:18 +0000)
lib/libcrypto/x509v3/v3_purp.c		patch \| blob \| history
lib/libssl/src/crypto/x509v3/v3_purp.c		patch \| blob \| history