Include TA in checks/callback with partial chains.

When a chain is complete and ends in a trusted root checks are also
performed on the TA and the callback notified with ok==1. For
consistency do the same for chains where the TA is not self signed.
(cherry picked from commit 385b3486661628f3f806205752bf968b8114b347)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 07cd09f69d30f605a1abbf4e62430984c53baab6..5f91b016661ba508d3554e042c6a6d485423a842 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1735,7 +1735,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
                xs=xi;
        else
                {
-               if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
+               if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN)
                        {
                        xs = xi;
                        goto check_cert;