Support setting of "no purpose" for trust.

If the oid parameter is set to NULL in X509_add1_trust_object create an empty list of trusted purposes corresponding to "no purpose" if trust is checked.
author: Dr. Stephen Henson <steve@openssl.org> 2013-11-11 14:40:55 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-11-11 22:39:23 +0000
commit: 85c9ba23423fe0b00e9e44b1bb2de869e6567cae (patch)
tree: df2754288eb5f15cf8806286c4198f4970a4fe79 /crypto/asn1
parent: 5fad2c93bc161ab387de5810d9fa15b42893f702 (diff)
download: openssl-85c9ba23423fe0b00e9e44b1bb2de869e6567cae.tar.gz
1 files changed, 19 insertions, 8 deletions
diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c
index b603f82de7..03a9c45aeb 100644
--- a/crypto/asn1/x_x509a.c
+++ b/crypto/asn1/x_x509a.c
@@ -135,15 +135,26 @@ unsigned char *X509_keyid_get0(X509 *x, int *len)
 }
 
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
-{
+	{
 	X509_CERT_AUX *aux;
-	ASN1_OBJECT *objtmp;
-	if(!(objtmp = OBJ_dup(obj))) return 0;
-	if(!(aux = aux_get(x))) return 0;
-	if(!aux->trust
-		&& !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
-	return sk_ASN1_OBJECT_push(aux->trust, objtmp);
-}
+	ASN1_OBJECT *objtmp = NULL;
+	if (obj)
+		{
+		objtmp = OBJ_dup(obj);
+		if (!objtmp)
+			return 0;
+		}
+	if(!(aux = aux_get(x)))
+		goto err;
+	if(!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null()))
+			goto err;
+	if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp))
+		return 1;
+	err:
+	if (objtmp)
+		ASN1_OBJECT_free(objtmp);
+	return 0;
+	}
 
 int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
 {
author	Dr. Stephen Henson <steve@openssl.org>	2013-11-11 14:40:55 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-11-11 22:39:23 +0000
commit	85c9ba23423fe0b00e9e44b1bb2de869e6567cae (patch)
tree	df2754288eb5f15cf8806286c4198f4970a4fe79 /crypto/asn1
parent	5fad2c93bc161ab387de5810d9fa15b42893f702 (diff)
download	openssl-85c9ba23423fe0b00e9e44b1bb2de869e6567cae.tar.gz