Fix for partial chain notification.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 13 Dec 2013 14:05:32 +0000 (14:05 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 13 Dec 2013 15:39:55 +0000 (15:39 +0000)
For consistency with other cases, if we are performing
partial chain verification with just one certificate,
notify the callback with ok==1.
(cherry picked from commit 852553d9005e13aed7feb986a5d71cb885b994c7)

crypto/x509/x509_vfy.c

index eaab34737e51e812373261781f38cfcd3de01b78..7d92a5b4f4bad9a9f1f51deaed8e8481911f2447 100644 (file)
@@ -1753,7 +1753,10 @@ static int internal_verify(X509_STORE_CTX *ctx)
        else
                {
                if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
-                       return check_cert_time(ctx, xi);
+                       {
+                       xs = xi;
+                       goto check_cert;
+                       }
                if (n <= 0)
                        {
                        ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
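Review bot: The new `goto check_cert;` in the `X509_V_FLAG_PARTIAL_CHAIN && n == 0` branch has no comment explaining why it is acceptable to bypass everything between this point and the label added in the second hunk. Going by the hunk line numbers, that is roughly fifty lines of `internal_verify` not shown here, presumably including the signature check, and it visibly includes `xs->valid = 1`, which sits just above the label. If the intent is that a lone certificate accepted under the partial-chain flag is treated as a trust anchor, the branch should say so, for example `/* partial chain, single cert: treated as trust anchor, so no issuer signature to verify; only check validity times and notify the callback */`. It is also worth confirming that leaving `xs->valid` unset on this path is deliberate. The function body starts and ends outside both hunks, so the code that runs after `check_cert_time` with `xs == xi` cannot be checked from here.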
@@ -1804,6 +1807,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
 
                xs->valid = 1;
 
+               check_cert:
                ok = check_cert_time(ctx, xs);
                if (!ok)
                        goto end;