This reverts commit 47daa155a31b0a54ce09ad2ed4d55fad74096dab.
The above commit was backported to the 1.0.2 branch as part of backporting
the alternative chain verify algorithm changes. However, it has been pointed
out (credit to Shigeki Ohtsu) that this is unnecessary in 1.0.2 as this
commit is a workaround for loop checking that only exists in master.
Reviewed-by: Richard Levitte <levitte@openssl.org>
&& !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
&& !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
while (j-- > 1) {
- STACK_OF(X509) *chtmp = ctx->chain;
xtmp2 = sk_X509_value(ctx->chain, j - 1);
- /*
- * Temporarily set chain to NULL so we don't discount
- * duplicates: the same certificate could be an untrusted
- * CA found in the trusted store.
- */
- ctx->chain = NULL;
ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
- ctx->chain = chtmp;
if (ok < 0)
goto end;
/* Check if we found an alternate chain */
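Review bot: at the `ok = ctx->get_issuer(&xtmp, ctx, xtmp2);` call inside `while (j-- > 1)`, the reason it is safe to call `get_issuer` with `ctx->chain` still set now lives only in the commit message, since the removed comment was the only in-code record of the duplicate case ("the same certificate could be an untrusted CA found in the trusted store"). Consider leaving a one-line comment at this call stating that the issuer lookup on this branch does not do the loop check that made master set `ctx->chain` to NULL here, so that a later backport of loop checking brings the workaround back with it. A regression test for the case the removed comment describes, an untrusted CA in the chain that is also present in the trusted store, with `X509_V_FLAG_TRUSTED_FIRST` and `X509_V_FLAG_NO_ALT_CHAINS` both unset so this loop is entered, would confirm the alternate chain is still found after the revert.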