Initialise X509_STORE_CTX properly so CRLs with nextUpdate date in the past

[openssl.git] / crypto / x509 / x509_vfy.c

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index ec9f6259feaebd21e27b51782f50c69c61a52777..0381c4a5028543d7473a5d281a235728a4299189 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -698,6 +698,7 @@ static int check_cert(X509_STORE_CTX *ctx)
        x = sk_X509_value(ctx->chain, cnum);
        ctx->current_cert = x;
        ctx->current_issuer = NULL;
        x = sk_X509_value(ctx->chain, cnum);
        ctx->current_cert = x;
        ctx->current_issuer = NULL;

+       ctx->current_crl_score = 0;

        ctx->current_reasons = 0;
        while (ctx->current_reasons != CRLDP_ALL_REASONS)
                {
        ctx->current_reasons = 0;
        while (ctx->current_reasons != CRLDP_ALL_REASONS)
                {


@@ -2010,6 +2011,9 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        ctx->error_depth=0;
        ctx->current_cert=NULL;
        ctx->current_issuer=NULL;
        ctx->error_depth=0;
        ctx->current_cert=NULL;
        ctx->current_issuer=NULL;

+       ctx->current_crl=NULL;
+       ctx->current_crl_score=0;
+       ctx->current_reasons=0;

        ctx->tree = NULL;
        ctx->parent = NULL;
 
        ctx->tree = NULL;
        ctx->parent = NULL;