From: Dr. Stephen Henson <steve@openssl.org>
Date: Fri, 13 Dec 2013 14:05:32 +0000 (+0000)
Subject: Fix for partial chain notification.
X-Git-Tag: master-post-reformat~1047
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=102302b05b2ea9c46a29be8a1451b7d1d6e3aa78

Fix for partial chain notification.

For consistency with other cases if we are performing
partial chain verification with just one certificate
notify the callback with ok==1.
(cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)
---

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index eaab34737e..7d92a5b4f4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1753,7 +1753,10 @@ static int internal_verify(X509_STORE_CTX *ctx)
 	else
 		{
 		if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
-			return check_cert_time(ctx, xi);
+			{
+			xs = xi;
+			goto check_cert;
+			}
 		if (n <= 0)
 			{
 			ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
@@ -1804,6 +1807,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
 
 		xs->valid = 1;
 
+		check_cert:
 		ok = check_cert_time(ctx, xs);
 		if (!ok)
 			goto end;