aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/x509/x509_vfy.c
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2014-01-22 19:27:13 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2014-01-22 19:27:13 +0000
commit2dc7f78169ea4545102b8d9b0604f785cdc798f5 (patch)
tree916b5f4a06b1f51b6af3e4437ab74e3d27e9cdd9 /crypto/x509/x509_vfy.c
parentcbbee3a581d0bbf1b738c0805da55a438c265a20 (diff)
downloadsrc-2dc7f78169ea4545102b8d9b0604f785cdc798f5.tar.gz
src-2dc7f78169ea4545102b8d9b0604f785cdc798f5.zip
Import OpenSSL 1.0.1f.vendor/openssl/1.0.1f
Approved by: so (delphij), benl (silence)
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=261035 svn path=/vendor-crypto/openssl/1.0.1f/; revision=261036; tag=vendor/openssl/1.0.1f
Diffstat (limited to 'crypto/x509/x509_vfy.c')
-rw-r--r--crypto/x509/x509_vfy.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 12d71f54e2e5..5195ffef264d 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -694,6 +694,7 @@ static int check_cert(X509_STORE_CTX *ctx)
X509_CRL *crl = NULL, *dcrl = NULL;
X509 *x;
int ok, cnum;
+ unsigned int last_reasons;
cnum = ctx->error_depth;
x = sk_X509_value(ctx->chain, cnum);
ctx->current_cert = x;
@@ -702,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx)
ctx->current_reasons = 0;
while (ctx->current_reasons != CRLDP_ALL_REASONS)
{
+ last_reasons = ctx->current_reasons;
/* Try to retrieve relevant CRL */
if (ctx->get_crl)
ok = ctx->get_crl(ctx, &crl, x);
@@ -745,6 +747,15 @@ static int check_cert(X509_STORE_CTX *ctx)
X509_CRL_free(dcrl);
crl = NULL;
dcrl = NULL;
+ /* If reasons not updated we wont get anywhere by
+ * another iteration, so exit loop.
+ */
+ if (last_reasons == ctx->current_reasons)
+ {
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+ ok = ctx->verify_cb(0, ctx);
+ goto err;
+ }
}
err:
X509_CRL_free(crl);