if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
last = sk_X509_num(ctx->chain) - 1;
else
+ {
+ /* If checking CRL paths this isn't the EE certificate */
+ if (ctx->parent)
+ return 1;
last = 0;
+ }
for(i = 0; i <= last; i++)
{
ctx->error_depth = i;
if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH))
{
- if (!check_crl_path(ctx, ctx->current_issuer))
+ if (check_crl_path(ctx, ctx->current_issuer) <= 0)
{
ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
ok = ctx->verify_cb(0, ctx);
offset= -offset;
}
atm.type=ctm->type;
+ atm.flags = 0;
atm.length=sizeof(buff2);
atm.data=(unsigned char *)buff2;
int offset_day, long offset_sec, time_t *in_tm)
{
time_t t;
- int type = -1;
if (in_tm) t = *in_tm;
else time(&t);
- if (s) type = s->type;
- if (!(s->flags & ASN1_STRING_FLAG_MSTRING))
+ if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING))
{
- if (type == V_ASN1_UTCTIME)
+ if (s->type == V_ASN1_UTCTIME)
return ASN1_UTCTIME_adj(s,t, offset_day, offset_sec);
- if (type == V_ASN1_GENERALIZEDTIME)
+ if (s->type == V_ASN1_GENERALIZEDTIME)
return ASN1_GENERALIZEDTIME_adj(s, t, offset_day,
offset_sec);
}
return chain;
}
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
+ {
+ return ctx->current_issuer;
+ }
+
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
+ {
+ return ctx->current_crl;
+ }
+
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
+ {
+ return ctx->parent;
+ }
+
void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
{
ctx->cert=x;