From: tb Date: Wed, 28 Apr 2021 17:53:34 +0000 (+0000) Subject: Revert "Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in new X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=0ecb2561413dfe001143fc0619a27d776a37fa8c;p=openbsd Revert "Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in new verifier." (r1.27). While this may have "fixed" one corner case, it broke expectations of Perl Net::SSLeay and Ruby OpenSSL regression tests. ok bcook --- diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c index 9c34e31ee37..57c52aa2402 100644 --- a/lib/libcrypto/x509/x509_verify.c +++ b/lib/libcrypto/x509/x509_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.c,v 1.36 2021/03/13 23:01:49 tobhe Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.37 2021/04/28 17:53:34 tb Exp $ */ /* * Copyright (c) 2020-2021 Bob Beck * @@ -558,9 +558,6 @@ x509_verify_build_chains(struct x509_verify_ctx *ctx, X509 *cert, (void) ctx->xsc->verify_cb(1, ctx->xsc); } } else if (ctx->error_depth == depth && !ctx->dump_chain) { - if (depth == 0 && - ctx->error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) - ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; if (!x509_verify_ctx_set_xsc_chain(ctx, current_chain, 0, 0)) return; (void) x509_verify_cert_error(ctx, cert, depth,