From 002e66c0e81f94ac01d9a206e43eabb7f1c72a74 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 12 Aug 2008 10:32:56 +0000 Subject: Support for policy mappings extension. Delete X509_POLICY_REF code. Fix handling of invalid policy extensions to return the correct error. Add command line option to inhibit policy mappings. --- crypto/x509/x509_vfy.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'crypto/x509') diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index fe47dcba52..05dcd8b0a3 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1122,7 +1122,8 @@ static int check_policy(X509_STORE_CTX *ctx) continue; ctx->current_cert = x; ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; - ret = ctx->verify_cb(0, ctx); + if(!ctx->verify_cb(0, ctx)) + return 0; } return 1; } -- cgit v1.2.3