Really get X509_CRL_CHECK_ALL right this time...

author Dr. Stephen Henson <steve@openssl.org>

Wed, 4 Jun 2003 00:40:05 +0000 (00:40 +0000)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 4 Jun 2003 00:40:05 +0000 (00:40 +0000)
author Dr. Stephen Henson <steve@openssl.org>
Wed, 4 Jun 2003 00:40:05 +0000 (00:40 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 4 Jun 2003 00:40:05 +0000 (00:40 +0000)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c

index 552d1e72516ea191cb78f0d2269dfc6a0d8f9d4a..f60054bd398dff568da2b80f9e580bd06cecae1c 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx)
         if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
                 return 1;
         if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
         if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
                 return 1;
         if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
-               last = 0;
-       else
                 last = sk_X509_num(ctx->chain) - 1;
                 last = sk_X509_num(ctx->chain) - 1;
+       else
+               last = 0;
         for(i = 0; i <= last; i++)
                 {
                 ctx->error_depth = i;
         for(i = 0; i <= last; i++)
                 {
                 ctx->error_depth = i;
author	Dr. Stephen Henson <steve@openssl.org>
	Wed, 4 Jun 2003 00:40:05 +0000 (00:40 +0000)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 4 Jun 2003 00:40:05 +0000 (00:40 +0000)