aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/x509/x509_vfy.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/x509/x509_vfy.c')
-rw-r--r--crypto/x509/x509_vfy.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 8563f65695..3ddb2303d3 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -771,18 +771,25 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
if(!purpose) purpose = def_purpose;
/* If we have a purpose then check it is valid */
if(purpose) {
+ X509_PURPOSE *ptmp;
idx = X509_PURPOSE_get_by_id(purpose);
if(idx == -1) {
X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
X509_R_UNKNOWN_PURPOSE_ID);
return 0;
}
- /* If trust not set then get from purpose default */
- if(!trust) {
- X509_PURPOSE *ptmp;
+ ptmp = X509_PURPOSE_get0(idx);
+ if(ptmp->trust == X509_TRUST_DEFAULT) {
+ idx = X509_PURPOSE_get_by_id(def_purpose);
+ if(idx == -1) {
+ X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+ X509_R_UNKNOWN_PURPOSE_ID);
+ return 0;
+ }
ptmp = X509_PURPOSE_get0(idx);
- trust = ptmp->trust;
}
+ /* If trust not set then get from purpose default */
+ if(!trust) trust = ptmp->trust;
}
if(trust) {
idx = X509_TRUST_get_by_id(trust);
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-21 10:50:27 +0000