X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fx509%2Fx509_vfy.c;h=d58f90010b20ac6a8242c274ba33415eb27252a3;hp=d1aa3dafd6d378f830e304173dd48c376a794681;hb=96ea4ae91c7fda9fd28a013182b0e8dc67b7ac7d;hpb=7af5726108188e4e4e4ca1a95cea43801ec19905

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index d1aa3dafd6..d58f90010b 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -314,6 +314,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 		ok=internal_verify(ctx);
 	if(!ok) goto end;
 
+#ifdef OPENSSL_RFC3779
+	/* RFC 3779 path validation, now that CRL check has been done */
+	ok = v3_asid_validate_path(ctx);
+	if (!ok) goto end;
+	ok = v3_addr_validate_path(ctx);
+	if (!ok) goto end;
+#endif
+
 	/* If we get this far evaluate policies */
 	if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
 		ok = ctx->check_policy(ctx);