From 57f6d6df0d63d97b03e3a21985d780169e9bd905 Mon Sep 17 00:00:00 2001 From: tb Date: Fri, 26 Feb 2021 15:19:41 +0000 Subject: [PATCH] Set is_trusted in x509_verify_ctx_add_chain() If we're about to add a chain we have a trust path, so we have at least one trusted certificate. This fixes a thinko from r1.31 and fixes the openssl(1) cms verify test. ok jsing (who had the same diff) --- lib/libcrypto/x509/x509_verify.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/libcrypto/x509/x509_verify.c b/lib/libcrypto/x509/x509_verify.c index 02db436b1ad..f51ea1d8689 100644 --- a/lib/libcrypto/x509/x509_verify.c +++ b/lib/libcrypto/x509/x509_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.c,v 1.33 2021/02/25 16:58:59 jsing Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.34 2021/02/26 15:19:41 tb Exp $ */ /* * Copyright (c) 2020-2021 Bob Beck * @@ -269,7 +269,7 @@ x509_verify_ctx_add_chain(struct x509_verify_ctx *ctx, ctx->xsc->error = X509_V_OK; ctx->xsc->error_depth = 0; - if (!x509_verify_ctx_set_xsc_chain(ctx, chain, 0, 0)) + if (!x509_verify_ctx_set_xsc_chain(ctx, chain, 0, 1)) return 0; /* -- 2.20.1