* Improved adherence to Enhanced Security Services (ESS, RFC 2634 and RFC 5035)
for the TSP implementation.
+ As required by RFC 5035 check both ESSCertID and ESSCertIDv2 if both present.
Correct the semantics of checking the validation chain in case ESSCertID{,v2}
contains more than one certificate identifier: This means that all
certificates referenced there MUST be part of the validation chain.
* Check if first ESSCertIDs matches signer cert
* and each further ESSCertIDs matches any cert in the chain.
*/
- if (ss != NULL) {
+ if (ss != NULL)
for (i = 0; i < sk_ESS_CERT_ID_num(ss->cert_ids); i++) {
j = ossl_ess_find_cid(chain, sk_ESS_CERT_ID_value(ss->cert_ids, i),
NULL);
if (j < 0 || (i == 0 && j != 0))
goto err;
}
- ret = 1;
- } else if (ssv2 != NULL) {
+ if (ssv2 != NULL)
for (i = 0; i < sk_ESS_CERT_ID_V2_num(ssv2->cert_ids); i++) {
j = ossl_ess_find_cid(chain, NULL,
sk_ESS_CERT_ID_V2_value(ssv2->cert_ids, i));
if (j < 0 || (i == 0 && j != 0))
goto err;
}
- ret = 1;
- }
+ ret = 1;
err:
if (!ret)
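Review bot: With `ret = 1;` now unconditional ahead of `err:`, input where both `ss` and `ssv2` are NULL skips both loops and is reported as a successful check, whereas the removed `if`/`else if` form never assigned `ret` in that case. Unless code above this hunk already rejects a missing signing-certificate attribute, add an explicit guard before the first loop, for example `if (ss == NULL && ssv2 == NULL) goto err;`, so that the absence of any ESSCertID cannot pass verification. The now brace-less `if (ss != NULL)` and `if (ssv2 != NULL)` each govern a multi-line `for` body, and keeping the braces would make later edits here less error-prone. The enclosing function starts above and continues below the visible lines, so the initial value of `ret` and the cleanup after `err:` are inferred rather than shown.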