Make tls1_check_chain return a set of flags indicating checks passed
[openssl.git] / ssl / ssl_cert.c
index 9547814..eb41cfd 100644 (file)
@@ -467,7 +467,8 @@ void ssl_cert_clear_certs(CERT *c)
                 if (cpk->authz != NULL)
                        OPENSSL_free(cpk->authz);
 #endif
-               cpk->valid_flags = 0;
+               /* Clear all flags apart from explicit sign */
+               cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN;
                }
        }