diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2008-08-12 10:32:56 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2008-08-12 10:32:56 +0000 |
commit | 002e66c0e81f94ac01d9a206e43eabb7f1c72a74 (patch) | |
tree | 8b27918e90406164f174b9ac457575675813f92e /crypto/x509 | |
parent | e9746e03ee222b0123ac118f8952e161e7d48a2d (diff) | |
download | openssl-002e66c0e81f94ac01d9a206e43eabb7f1c72a74.tar.gz |
Support for policy mappings extension.
Delete X509_POLICY_REF code.
Fix handling of invalid policy extensions to return the correct error.
Add command line option to inhibit policy mappings.
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509_vfy.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index fe47dcba52..05dcd8b0a3 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1122,7 +1122,8 @@ static int check_policy(X509_STORE_CTX *ctx) continue; ctx->current_cert = x; ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; - ret = ctx->verify_cb(0, ctx); + if(!ctx->verify_cb(0, ctx)) + return 0; } return 1; } |