vendor/openssl/0.9.8m

author: Simon L. B. Nielsen <simon@FreeBSD.org> 2010-02-28 18:49:43 +0000
committer: Simon L. B. Nielsen <simon@FreeBSD.org> 2010-02-28 18:49:43 +0000
commit: f7a1b4761cf3f798e1b42d703d38221b47ce1eec (patch)
tree: 21770f10e7f26d05fc9b0fa96a7b6d7b107552c5 /ssl/ssl_cert.c
parent: f0c2a617dfb432d01bc5a716eb18dae12e6b45e3 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index a32b2d444645..16fda5d8bffe 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -500,9 +500,6 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
 		return(0);
 		}
-	if (s->param)
-		X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx),
-						s->param);
 #if 0
 	if (SSL_get_verify_depth(s) >= 0)
 		X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
@@ -516,6 +513,10 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 
 	X509_STORE_CTX_set_default(&ctx,
 				s->server ? "ssl_client" : "ssl_server");
+	/* Anything non-default in "param" should overwrite anything in the
+	 * ctx.
+	 */
+	X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
 
 	if (s->verify_callback)
 		X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
author	Simon L. B. Nielsen <simon@FreeBSD.org>	2010-02-28 18:49:43 +0000
committer	Simon L. B. Nielsen <simon@FreeBSD.org>	2010-02-28 18:49:43 +0000
commit	f7a1b4761cf3f798e1b42d703d38221b47ce1eec (patch)
tree	21770f10e7f26d05fc9b0fa96a7b6d7b107552c5 /ssl/ssl_cert.c
parent	f0c2a617dfb432d01bc5a716eb18dae12e6b45e3 (diff)