X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fx509%2Fx509_vpm.c;h=41b0fde4a55067ff2dbdf1390e015f48d97b79b1;hp=827360d622951196010703d6a08bdbb0eaa139c8;hb=fbff671659bd51a7b124065ea6caf5b554111211;hpb=919ba009429b3617e975933f37a23be996a33b8d
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 827360d622..41b0fde4a5 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -1,4 +1,3 @@
-/* x509_vpm.c */
 /*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2004.
@@ -92,11 +91,11 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
 * Refuse names with embedded NUL bytes, except perhaps as final byte.
 * XXX: Do we need to push an error onto the error stack?
 */
- if (namelen == 0)
+ if (namelen == 0 || name == NULL)
 namelen = name ? strlen(name) : 0;
 else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
 return 0;
- if (name && name[namelen - 1] == '\0')
+ if (namelen > 0 && name[namelen - 1] == '\0')
 --namelen;
 if (mode == SET_HOST) {
@@ -134,7 +133,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
 return;
 param->name = NULL;
 param->purpose = 0;
- param->trust = 0;
+ param->trust = X509_TRUST_DEFAULT;
 /*
 * param->inh_flags = X509_VP_FLAG_DEFAULT;
 */
@@ -244,7 +243,7 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
 to_overwrite = 0;
 x509_verify_param_copy(purpose, 0);
- x509_verify_param_copy(trust, 0);
+ x509_verify_param_copy(trust, X509_TRUST_DEFAULT);
 x509_verify_param_copy(depth, -1);
 /* If overwrite or check time not set, copy across */
@@ -512,7 +511,7 @@ static const X509_VERIFY_PARAM default_table[] = {
 "default", /* X509 default parameters */
 0, /* Check time */
 0, /* internal flags */
- 0, /* flags */
+ X509_V_FLAG_TRUSTED_FIRST, /* flags */
 0, /* purpose */
 0, /* trust */
 100, /* depth */
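Review bot: In the `int_x509_param_set_hosts` hunk, a NULL `name` passed with a non-zero `namelen` is now quietly normalised to an empty name by the first branch instead of being rejected, so the caller never learns that the length it supplied was ignored. Judging by the function name this feeds host-name checking, where such an inconsistent pair is more likely a caller bug than a request for "no name"; I would either reject it up front with `if (name == NULL && namelen != 0) return 0;` or spell out the accepted contract in the comment above the test. The `name &&` in the `else if` is also dead after this change, because that branch is reached only with a non-NULL `name`; `else if (memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))` says the same thing. The function body continues past the hunk, so what a zero-length result does in `SET_HOST` mode cannot be confirmed from here.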
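Review bot: The switch to the symbolic constant is incomplete: `x509_verify_param_zero` and the `x509_verify_param_copy(trust, ...)` call in the `X509_VERIFY_PARAM_inherit` hunk now use `X509_TRUST_DEFAULT`, but the `default_table` entry in the last hunk still initialises the field with a literal `0, /* trust */`. If the constant is, or ever becomes, something other than 0, the table value would stop matching the "unset" sentinel and the inherit logic would presumably treat it as an explicit trust setting; neither the macro body nor the constant's value is visible on this page. Writing `X509_TRUST_DEFAULT, /* trust */` in the table keeps the three places in step. Both functions start and end outside their hunks.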
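Review bot: Turning on `X509_V_FLAG_TRUSTED_FIRST` in the `"default"` entry of `default_table` changes chain building for every caller that relies on the default parameters, yet the only documentation on the line is the unchanged `/* flags */`. A comment such as `/* flags: prefer issuers from the trust store over peer-supplied ones */` would record the intent, and the change deserves a line in the release notes, since callers who depend on the previous ordering now have to clear the flag themselves. The remaining entries of the table lie outside the hunk; it is worth checking whether parameter sets that start from flags of 0 pick the flag up through inheritance or silently keep the old behaviour.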