From: Dr. Stephen Henson
Date: Sat, 2 Aug 2008 11:16:35 +0000 (+0000)
Subject: Make explicit_policy handling match expected RFC3280 behaviour.
X-Git-Tag: OpenSSL_0_9_8k^2~288
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=a9ff742e429678cf4aaffe63382edd99429ca7a5;hp=787287af402120ccbe516ad96bad7b25604a3380
Make explicit_policy handling match expected RFC3280 behaviour.
---
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index c8bfa3773c..b1ce77b9af 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -130,11 +130,11 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
 ret = 2;
 if (explicit_policy > 0)
 {
- explicit_policy--;
- if (!(x->ex_flags & EXFLAG_SI)
- && (cache->explicit_skip != -1)
+ if (!(x->ex_flags & EXFLAG_SI))
+ explicit_policy--;
+ if ((cache->explicit_skip != -1)
 && (cache->explicit_skip < explicit_policy))
- explicit_policy = cache->explicit_skip + 1;
+ explicit_policy = cache->explicit_skip;
 }
 }
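Review bot: The new decrement-then-clamp sequence inside `if (explicit_policy > 0)` has no comment tying it to the RFC steps it implements, yet the statement order and the dropped `+ 1` are exactly what this commit corrects, so a later edit could reintroduce the off-by-one unnoticed. Because explicit_policy reaching zero is what makes a valid policy tree mandatory, an error here either accepts a chain that lacks the required policy or rejects a valid one. I would add above the first inner `if`: `/* RFC3280 6.1.4 (h): decrement unless self-issued; (i): then lower to requireExplicitPolicy if smaller */`. It would also help to state that `explicit_skip == -1` means the constraint is absent; that reading is inferred from the `!= -1` test, since the field's definition is outside the hunk. tree_init starts and ends outside the hunk, so how the last certificate in the chain is handled cannot be checked from here.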