Fix for partial chain notification.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 13 Dec 2013 14:05:32 +0000 (14:05 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 13 Dec 2013 15:29:26 +0000 (15:29 +0000)
For consistency with other cases, if we are performing
partial chain verification with just one certificate,
notify the callback with ok==1.

crypto/x509/x509_vfy.c

index f5bcec352a4f862b40dfc80024b392e68166b938..15dd25fce51e4ce7cce91bd151e7527449923c93 100644 (file)
@@ -1725,7 +1725,10 @@ static int internal_verify(X509_STORE_CTX *ctx)
        else
                {
                if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
-                       return check_cert_time(ctx, xi);
+                       {
+                       xs = xi;
+                       goto check_cert;
+                       }
                if (n <= 0)
                        {
                        ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
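Review bot: The new `goto check_cert;` in the partial-chain branch jumps over everything between this hunk and the label added in the second hunk, and nothing at the jump says that this is deliberate. The skipped code includes the `xs->valid = 1;` assignment visible just above the label and presumably the signature check that sits between the two hunks (not shown here). Because skipping verification steps is security-relevant, I would put a comment above `xs = xi;`, for example `/* Partial chain with a single certificate: skip to the time check so the callback is still notified with ok==1 */`. A one-line comment at `check_cert:` saying that it is also entered from the partial-chain branch, with `xs->valid` left untouched on that path, would help the next reader. The body of internal_verify starts and ends outside both hunks, so the code between them should be checked against the full file.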
@@ -1776,6 +1779,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
 
                xs->valid = 1;
 
+               check_cert:
                ok = check_cert_time(ctx, xs);
                if (!ok)
                        goto end;