Support for policy mappings extension.

Delete X509_POLICY_REF code. Fix handling of invalid policy extensions to return the correct error. Add command line option to inhibit policy mappings.
author: Dr. Stephen Henson <steve@openssl.org> 2008-08-12 10:32:56 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2008-08-12 10:32:56 +0000
commit: 002e66c0e81f94ac01d9a206e43eabb7f1c72a74 (patch)
tree: 8b27918e90406164f174b9ac457575675813f92e /crypto/x509
parent: e9746e03ee222b0123ac118f8952e161e7d48a2d (diff)
download: openssl-002e66c0e81f94ac01d9a206e43eabb7f1c72a74.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index fe47dcba52..05dcd8b0a3 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1122,7 +1122,8 @@ static int check_policy(X509_STORE_CTX *ctx)
 				continue;
 			ctx->current_cert = x;
 			ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
-			ret = ctx->verify_cb(0, ctx);
+			if(!ctx->verify_cb(0, ctx))
+				return 0;
 			}
 		return 1;
 		}
author	Dr. Stephen Henson <steve@openssl.org>	2008-08-12 10:32:56 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2008-08-12 10:32:56 +0000
commit	002e66c0e81f94ac01d9a206e43eabb7f1c72a74 (patch)
tree	8b27918e90406164f174b9ac457575675813f92e /crypto/x509
parent	e9746e03ee222b0123ac118f8952e161e7d48a2d (diff)
download	openssl-002e66c0e81f94ac01d9a206e43eabb7f1c72a74.tar.gz