if (!ok)
goto end;
+#ifndef OPENSSL_NO_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
if (!ok)
ok = v3_addr_validate_path(ctx);
if (!ok)
goto end;
+#endif
/* If we get this far evaluate policies */
if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
X509_STORE_CTX *X509_STORE_CTX_new(void)
{
- X509_STORE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+ X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (!ctx) {
X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
- memset(ctx, 0, sizeof(*ctx));
return ctx;
}