Include TA in checks/callback with partial chains.
author Dr. Stephen Henson <steve@openssl.org>
Fri, 14 Feb 2014 15:07:01 +0000 (15:07 +0000)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 14 Feb 2014 15:07:01 +0000 (15:07 +0000)
When a chain is complete and ends in a trusted root, checks are also
performed on the TA and the callback notified with ok==1. For
consistency do the same for chains where the TA is not self signed.

crypto/x509/x509_vfy.c

index 8129fa084d12b86fe2f6a264a371e6444d242b00..869a4f29e8573aeba6181eaba4d95c7e15d34438 100644 (file)
@@ -1755,7 +1755,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
                xs=xi;
        else
                {
-               if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN && n == 0)
+               if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN)
                        {
                        xs = xi;
                        goto check_cert;
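
Review bot: With `n == 0` dropped from the condition on the `+` line, the `xs = xi; goto check_cert;` branch is taken for any chain length whenever X509_V_FLAG_PARTIAL_CHAIN is set, and nothing in this hunk confirms that `xi` is actually a trusted certificate before it is treated as its own issuer. If that guarantee comes from chain building earlier in verification, add a comment above the `if` stating it, so a later change to the chain builder does not silently turn this branch into an unverified trust anchor. A regression test with a partial chain deeper than one certificate, checking that the callback sees the TA with ok==1 and that an untrusted top certificate still fails, would pin the intended behaviour.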