diff options
author | simon <simon@FreeBSD.org> | 2010-03-13 19:22:41 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2010-03-13 19:22:41 +0000 |
commit | 0d816bbd980d8201a2ad23ccd05f7bde16565282 (patch) | |
tree | 909a7c21b7df72ae8c08b80b468a4dd75b3820be /crypto/openssl/ssl/ssl_cert.c | |
parent | 7fd3bd147ec574621124307eca10ead5353e34ba (diff) | |
parent | cdb6eef1f013e22a10ab5f5829dcdc3b5e32d385 (diff) | |
download | FreeBSD-src-0d816bbd980d8201a2ad23ccd05f7bde16565282.zip FreeBSD-src-0d816bbd980d8201a2ad23ccd05f7bde16565282.tar.gz |
Merge OpenSSL 0.9.8m into head.
This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL. The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.
MFC after: 3 weeks
Diffstat (limited to 'crypto/openssl/ssl/ssl_cert.c')
-rw-r--r-- | crypto/openssl/ssl/ssl_cert.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c index a32b2d4..16fda5d 100644 --- a/crypto/openssl/ssl/ssl_cert.c +++ b/crypto/openssl/ssl/ssl_cert.c @@ -500,9 +500,6 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); return(0); } - if (s->param) - X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx), - s->param); #if 0 if (SSL_get_verify_depth(s) >= 0) X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); @@ -516,6 +513,10 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) X509_STORE_CTX_set_default(&ctx, s->server ? "ssl_client" : "ssl_server"); + /* Anything non-default in "param" should overwrite anything in the + * ctx. + */ + X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param); if (s->verify_callback) X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); |