Add missing variable length cipher flag for Blowfish.

Only use trust settings if either trust or reject settings are present, otherwise use compatibility mode. This stops root CAs being rejected if they have alias of keyid set.
author: Dr. Stephen Henson <steve@openssl.org> 2001-05-24 22:58:35 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2001-05-24 22:58:35 +0000
commit: 76c919c1a3751df1747fc67620263d663c9b7ba1 (patch)
tree: 4cd696c4e91a3df4ced00ba72f6509fbc7c10f4a /crypto/x509/x509_trs.c
parent: 98405f240be550ff3c15a8f54cdf79c5580c371f (diff)
download: openssl-76c919c1a3751df1747fc67620263d663c9b7ba1.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index c164badbe4..f0b93489d7 100644
--- a/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
@@ -241,7 +241,8 @@ int X509_TRUST_get_trust(X509_TRUST *xp)
 
 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
 {
-	if(x->aux) return obj_trust(trust->arg1, x, flags);
+	if(x->aux && (x->aux->trust || x->aux->reject))
+		return obj_trust(trust->arg1, x, flags);
 	/* we don't have any trust settings: for compatibility
 	 * we return trusted if it is self signed
 	 */
author	Dr. Stephen Henson <steve@openssl.org>	2001-05-24 22:58:35 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2001-05-24 22:58:35 +0000
commit	76c919c1a3751df1747fc67620263d663c9b7ba1 (patch)
tree	4cd696c4e91a3df4ced00ba72f6509fbc7c10f4a /crypto/x509/x509_trs.c
parent	98405f240be550ff3c15a8f54cdf79c5580c371f (diff)
download	openssl-76c919c1a3751df1747fc67620263d663c9b7ba1.tar.gz