author | Dr. Stephen Henson <steve@openssl.org> | 2009-06-30 11:21:00 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-06-30 11:21:00 +0000 |
commit | 43ea53a04a241785357e2d06869e94264fdac712 (patch) | |
tree | e18a66401f3f91fe89e6897a6809a0835175ad6f /ssl/ssl_cert.c | |
parent | fa07f00aafb043db93a412061e1da1bb18b195e8 (diff) |
Inherit parameters properly in SSL contexts: any parameters set should
replace those in the current list.
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index ccb30e0760..2f47eaf510 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -502,9 +502,6 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
 return(0);
 }
- if (s->param)
- X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx),
- s->param);
 #if 0
 if (SSL_get_verify_depth(s) >= 0)
 X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
@@ -518,6 +515,12 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 X509_STORE_CTX_set_default(&ctx, s->server ? "ssl_client" : "ssl_server");
+ /* Anything non-default in "param" should overwrite anything in the
+ * ctx.
+ */
+ if (s->param)
+ X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx),
+ s->param);
 if (s->verify_callback) X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); |
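Review bot: The return value of `X509_VERIFY_PARAM_set1()` is discarded in the second hunk, so a failed copy of `s->param` goes unnoticed. The call returns 0 on failure, and verification would then proceed with only the "ssl_client"/"ssl_server" defaults, silently dropping whatever purpose, trust, depth or verification flags the application configured. Because this is the certificate-verification path it should fail closed, e.g. `if (s->param && !X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param))`, followed by the same `SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB)` and a zero return that the first hunk's context shows. The body of `ssl_verify_cert_chain` starts and ends outside the hunks, so the error exit presumably also has to release `ctx` before returning; that cleanup is not visible here and should be confirmed against the full function.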