If not checking all certificates don't attempt to find a CRL

[openssl.git] / crypto / x509 / x509_vpm.c

diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 9c37c4ded3b8f563294b854869004fd09a7d175e..dfd89d89faf0e885b2dca37ed1edcc11248c3aa0 100644 (file)
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -1,5 +1,5 @@
 /* x509_vpm.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
 /* ====================================================================
@@ -74,7 +74,8 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
        param->name = NULL;
        param->purpose = 0;
        param->trust = 0;
-       param->inh_flags = X509_VP_FLAG_DEFAULT;
+       /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/
+       param->inh_flags = 0;
        param->flags = 0;
        param->depth = -1;
        if (param->policies)
@@ -198,8 +199,12 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
 int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
                                                const X509_VERIFY_PARAM *from)
        {
+       unsigned long save_flags = to->inh_flags;
+       int ret;
        to->inh_flags |= X509_VP_FLAG_DEFAULT;
-       return X509_VERIFY_PARAM_inherit(to, from);
+       ret = X509_VERIFY_PARAM_inherit(to, from);
+       to->inh_flags = save_flags;
+       return ret;
        }
 
 int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
@@ -320,11 +325,21 @@ static const X509_VERIFY_PARAM default_table[] = {
        0,              /* flags */
        0,              /* purpose */
        0,              /* trust */
-       9,              /* depth */
+       100,            /* depth */
        NULL            /* policies */
        },
        {
-       "pkcs7",                        /* SSL/TLS client parameters */
+       "pkcs7",                        /* S/MIME sign parameters */
+       0,                              /* Check time */
+       0,                              /* internal flags */
+       0,                              /* flags */
+       X509_PURPOSE_SMIME_SIGN,        /* purpose */
+       X509_TRUST_EMAIL,               /* trust */
+       -1,                             /* depth */
+       NULL                            /* policies */
+       },
+       {
+       "smime_sign",                   /* S/MIME sign parameters */
        0,                              /* Check time */
        0,                              /* internal flags */
        0,                              /* flags */
@@ -362,10 +377,10 @@ static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
        return strcmp(a->name, b->name);
        }
 
-DECLARE_OBJ_BSEARCH_CMP_FN(const X509_VERIFY_PARAM, const X509_VERIFY_PARAM,
-                          table_cmp);
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509_VERIFY_PARAM, const X509_VERIFY_PARAM,
-                            table_cmp);
+DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM,
+                          table);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM,
+                            table);
 
 static int param_cmp(const X509_VERIFY_PARAM * const *a,
                        const X509_VERIFY_PARAM * const *b)
@@ -410,10 +425,8 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
                if (idx != -1)
                        return sk_X509_VERIFY_PARAM_value(param_table, idx);
                }
-       return OBJ_bsearch(const X509_VERIFY_PARAM, &pm,
-                          const X509_VERIFY_PARAM, default_table,
-                          sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
-                          table_cmp);
+       return OBJ_bsearch_table(&pm, default_table,
+                          sizeof(default_table)/sizeof(X509_VERIFY_PARAM));
        }
 
 void X509_VERIFY_PARAM_table_cleanup(void)