Adding a slash between the directoryt and the file is a problem with
[openssl.git] / crypto / x509 / x509_vfy.c
index 552d1e72516ea191cb78f0d2269dfc6a0d8f9d4a..2bb21b443ec0674b9738935302ad2173a5066e81 100644 (file)
@@ -453,9 +453,9 @@ static int check_revocation(X509_STORE_CTX *ctx)
        if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
                return 1;
        if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
-               last = 0;
-       else
                last = sk_X509_num(ctx->chain) - 1;
+       else
+               last = 0;
        for(i = 0; i <= last; i++)
                {
                ctx->error_depth = i;
@@ -674,7 +674,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
                                ok=(*cb)(0,ctx);
                                if (!ok) goto end;
                                }
-                       if (X509_verify(xs,pkey) <= 0)
+                       else if (X509_verify(xs,pkey) <= 0)
                                /* XXX  For the final trusted self-signed cert,
                                 * this is a waste of time.  That check should
                                 * optional so that e.g. 'openssl x509' can be