X509 *x;
int ret = 1;
int i, n;
- *ptree = NULL;
- n = sk_X509_num(certs);
int explicit_policy;
int any_skip;
int map_skip;
+ *ptree = NULL;
+ n = sk_X509_num(certs);
/* Disable policy mapping for now... */
flags |= X509_V_FLAG_INHIBIT_MAP;
/* Any matching allowed if certificate is self
* issued and not the last in the chain.
*/
- if (!(x->ex_flags && EXFLAG_SS) || (i == 0))
+ if (!(x->ex_flags & EXFLAG_SS) || (i == 0))
level->flags |= X509_V_FLAG_INHIBIT_ANY;
}
else
*/
static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
- STACK_OF(X509_POLICY_NODES) **pnodes)
+ STACK_OF(X509_POLICY_NODE) **pnodes)
{
X509_POLICY_LEVEL *curr;
X509_POLICY_NODE *node, *anyptr;
- STACK_OF(X509_POLICY_NODES) **addnodes;
+ STACK_OF(X509_POLICY_NODE) **addnodes;
int i, j;
curr = tree->levels + tree->nlevel - 1;
* -2 User constrained policy set empty and requireExplicit true.
*/
-int X509_policy_check(X509_POLICY_TREE **ptree, int *explicit,
+int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
STACK_OF(X509) *certs,
STACK_OF(ASN1_OBJECT) *policy_oids,
unsigned int flags)
{
int ret;
X509_POLICY_TREE *tree = NULL;
- STACK_OF(X509_NODE) *nodes, *auth_nodes = NULL;
+ STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
*ptree = NULL;
- *explicit = 0;
+ *pexplicit_policy = 0;
ret = tree_init(&tree, certs, flags);
/* Tree empty requireExplicit True: Error */
case 6:
- *explicit = 1;
+ *pexplicit_policy = 1;
return -2;
/* Tree OK requireExplicit True: OK and continue */
case 5:
- *explicit = 1;
+ *pexplicit_policy = 1;
break;
/* Tree OK: continue */
break;
}
+ if (!tree) goto error;
ret = tree_evaluate(tree);
if (ret <= 0)
if (ret == 2)
{
X509_policy_tree_free(tree);
- if (*explicit)
+ if (*pexplicit_policy)
return -2;
else
return 1;
if (tree)
*ptree = tree;
- if (*explicit)
+ if (*pexplicit_policy)
{
nodes = X509_policy_tree_get0_user_policies(tree);
if (sk_X509_POLICY_NODE_num(nodes) <= 0)