Support setting of "no purpose" for trust.

[openssl.git] / crypto / asn1 / x_x509a.c

diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c
index b603f82de716376ebc8371c6c807267092a704c3..03a9c45aeb8ebeaee1558b47ff5cc9d98ebd9257 100644 (file)
--- a/crypto/asn1/x_x509a.c
+++ b/crypto/asn1/x_x509a.c
@@ -135,15 +135,26 @@ unsigned char *X509_keyid_get0(X509 *x, int *len)
 }
 
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
-{
+       {
        X509_CERT_AUX *aux;
-       ASN1_OBJECT *objtmp;
-       if(!(objtmp = OBJ_dup(obj))) return 0;
-       if(!(aux = aux_get(x))) return 0;
-       if(!aux->trust
-               && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
-       return sk_ASN1_OBJECT_push(aux->trust, objtmp);
-}
+       ASN1_OBJECT *objtmp = NULL;
+       if (obj)
+               {
+               objtmp = OBJ_dup(obj);
+               if (!objtmp)
+                       return 0;
+               }
+       if(!(aux = aux_get(x)))
+               goto err;
+       if(!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null()))
+                       goto err;
+       if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp))
+               return 1;
+       err:
+       if (objtmp)
+               ASN1_OBJECT_free(objtmp);
+       return 0;
+       }
 
 int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
 {