Make sure the already existing X509_STORE->depth variable is initialized

in X509_STORE_new(), but document the fact that this variable is still
unused in the certificate verification process.

diff --git a/CHANGES b/CHANGES
index 7ab80cf2494dda3c7394643870e774b1c1c47a81..1fc8c6af43ed1d4513a2af52d2e4384c270e3095 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,11 @@
 
  Changes between 0.9.1c and 0.9.2
 
+  *) Make sure the already existing X509_STORE->depth variable is initialized
+     in X509_STORE_new(), but document the fact that this variable is still
+     unused in the certificate verification process.
+     [Ralf S. Engelschall]
+
   *) Fix the various library and apps files to free up pkeys obtained from
      EVP_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
      [Steve Henson]

diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index a740510b076ab975a83595d6fd5dd4e946f9a774..deec5adae5218895a18a08132bf9c990c7e8727c 100644 (file)
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -231,6 +231,7 @@ X509_STORE *X509_STORE_new()
        ret->verify_cb=NULL;
        memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
        ret->references=1;
+       ret->depth=0;
        return(ret);
        }
 

diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index 6849a8c749b395f1ac48110af048984e1ad6c298..e3c1304de9b34c01600522afb828925b42866576 100644 (file)
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -154,7 +154,7 @@ typedef struct x509_store_st
 
        CRYPTO_EX_DATA ex_data;
        int references;
-       int depth;              /* how deep to look */
+       int depth;              /* how deep to look (still unused) */
        }  X509_STORE;
 
 #define X509_STORE_set_depth(ctx,d)       ((ctx)->depth=(d))