Adding a slash between the directoryt and the file is a problem with
[openssl.git] / crypto / x509 / x509_vfy.c
index 3c69bb9e0ec392bd17b93b4044ca04005ee5f7a7..2bb21b443ec0674b9738935302ad2173a5066e81 100644 (file)
@@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx)
        if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
                return 1;
        if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
-               last = 0;
-       else
                last = sk_X509_num(ctx->chain) - 1;
+       else
+               last = 0;
        for(i = 0; i <= last; i++)
                {
                ctx->error_depth = i;
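Review bot: The corrected `else` branch (`last = 0`) means that, unless X509_V_FLAG_CRL_CHECK_ALL is set, only the certificate at index 0 of ctx->chain is checked for revocation, and nothing on the new lines says so. I would add a comment above the `if`, e.g. `/* Without CRL_CHECK_ALL only chain index 0 (the leaf) is checked; issuer certs are skipped */`. Separately, `sk_X509_num(ctx->chain) - 1` goes negative when the chain is NULL or empty, so the loop body never runs. What the function returns in that case is decided below the hunk, so it is worth confirming that an empty chain cannot come back as "not revoked".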
@@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
                                ok=(*cb)(0,ctx);
                                if (!ok) goto end;
                                }
-                       if (X509_verify(xs,pkey) <= 0)
+                       else if (X509_verify(xs,pkey) <= 0)
                                /* XXX  For the final trusted self-signed cert,
                                 * this is a waste of time.  That check should
                                 * optional so that e.g. 'openssl x509' can be
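Review bot: With the `else if`, `X509_verify(xs,pkey)` is no longer reached once the preceding branch has run and the callback returned non-zero, so the signature on xs goes unchecked on that path. The condition of that preceding branch lies above the hunk (presumably a failure to obtain pkey), so this is likely intended. It does mean the callback's return value is the only thing that decides whether such a certificate is accepted. A comment on the new line would make that explicit: `/* not reached if the callback accepted the error above; the signature on xs is then NOT verified */`. internal_verify starts and ends outside the hunk.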
@@ -756,7 +756,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
        {
        char *str;
        ASN1_TIME atm;
-       time_t offset;
+       long offset;
        char buff1[24],buff2[24],*p;
        int i,j;
 
@@ -1054,10 +1054,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        ctx->cert=x509;
        ctx->untrusted=chain;
        ctx->last_untrusted=0;
-       ctx->purpose=store->purpose;
-       ctx->trust=store->trust;
        ctx->check_time=0;
-       ctx->flags=0;
        ctx->other_ctx=NULL;
        ctx->valid=0;
        ctx->chain=NULL;
@@ -1071,49 +1068,62 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
         * use defaults.
         */
 
-       ctx->flags = store->flags;
 
-       if (store->check_issued)
+       if (store)
+               {
+               ctx->purpose=store->purpose;
+               ctx->trust=store->trust;
+               ctx->flags = store->flags;
+               ctx->cleanup = store->cleanup;
+               }
+       else
+               {
+               ctx->purpose = 0;
+               ctx->trust = 0;
+               ctx->flags = 0;
+               ctx->cleanup = 0;
+               }
+
+       if (store && store->check_issued)
                ctx->check_issued = store->check_issued;
        else
                ctx->check_issued = check_issued;
 
-       if (store->get_issuer)
+       if (store && store->get_issuer)
                ctx->get_issuer = store->get_issuer;
        else
                ctx->get_issuer = X509_STORE_CTX_get1_issuer;
 
-       if (store->verify_cb)
+       if (store && store->verify_cb)
                ctx->verify_cb = store->verify_cb;
        else
                ctx->verify_cb = null_callback;
 
-       if (store->verify)
+       if (store && store->verify)
                ctx->verify = store->verify;
        else
                ctx->verify = internal_verify;
 
-       if (store->check_revocation)
+       if (store && store->check_revocation)
                ctx->check_revocation = store->check_revocation;
        else
                ctx->check_revocation = check_revocation;
 
-       if (store->get_crl)
+       if (store && store->get_crl)
                ctx->get_crl = store->get_crl;
        else
                ctx->get_crl = get_crl;
 
-       if (store->check_crl)
+       if (store && store->check_crl)
                ctx->check_crl = store->check_crl;
        else
                ctx->check_crl = check_crl;
 
-       if (store->cert_crl)
+       if (store && store->cert_crl)
                ctx->cert_crl = store->cert_crl;
        else
                ctx->cert_crl = cert_crl;
 
-       ctx->cleanup = store->cleanup;
 
        /* This memset() can't make any sense anyway, so it's removed. As
         * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
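Review bot: The NULL-store path still installs `X509_STORE_CTX_get1_issuer` and `get_crl` as defaults without any guard. If either reads the store through the context (their bodies are not in this hunk), a NULL store would be dereferenced later during verification rather than rejected here. The same path leaves flags, purpose and trust at 0, so a caller passing NULL gets no CRL checking (check_revocation returns 1 when X509_V_FLAG_CRL_CHECK is clear) and must supply trust anchors some other way. That is worth a comment above `if (store)`, e.g. `/* store may be NULL: built-in defaults are used and the caller must provide trusted certs itself */`. Minor: `ctx->cleanup = 0;` would read better as `ctx->cleanup = NULL;`, matching `ctx->other_ctx=NULL` earlier in the function. X509_STORE_CTX_init continues past the hunk.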