Fix OCSP_basic_verify() cert chain construction in case bs->certs is NULL (backport)
authorDavid von Oheimb <David.von.Oheimb@siemens.com>
Thu, 17 Aug 2017 19:45:06 +0000 (21:45 +0200)
committerMatt Caswell <matt@openssl.org>
Fri, 18 Aug 2017 09:01:05 +0000 (10:01 +0100)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4183)

crypto/ocsp/ocsp_vfy.c

index d4a257c..7a7d060 100644 (file)
@@ -118,6 +118,8 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                     goto end;
                 }
             }
+        } else if (certs != NULL) {
+            untrusted = certs;
         } else {
             untrusted = bs->certs;
         }