components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch
branchs11-update
changeset 4626 d5dbb6652eec
parent 4489 2713cbca9e1e
--- a/components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch	Fri Jul 10 20:29:35 2015 +0000
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/33_cert_chain.patch	Fri Jul 10 14:15:09 2015 -0700
@@ -61,10 +61,10 @@
 +
  int X509_verify_cert(X509_STORE_CTX *ctx)
  {
-     X509 *x, *xtmp, *chain_ss = NULL;
+     X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
 @@ -304,8 +331,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
- 
-     /* we now have our chain, lets check it... */
+         }
+     } while (retry);
  
 -    /* Is last certificate looked up self signed? */
 -    if (!ctx->check_issued(ctx, x, x)) {
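Review bot: The embedded hunk header `@@ -304,8 +331,17 @@ int X509_verify_cert(X509_STORE_CTX *ctx)` is carried over unchanged, although its leading context has moved from the `/* we now have our chain, lets check it... */` comment to the close of the `} while (retry);` loop, so the hunk presumably now applies only by offset. In certificate-path validation code, a hunk that lands by offset or fuzz can end up on the wrong side of a check without any build error. I would regenerate this hunk against the updated source so the header matches, and have the component apply its patches with fuzz disabled (GNU patch `--fuzz=0`). The embedded hunk continues beyond the lines shown, so where the block replacing the `check_issued(ctx, x, x)` test sits relative to the retry loop cannot be confirmed from here.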
@@ -184,9 +184,9 @@
 $ cvs diff -u -r1.67.2.3.4.1 -r1.67.2.3.4.2 x509_vfy.h
 --- openssl/crypto/x509/x509_vfy.h    26 Sep 2012 13:50:42 -0000    1.67.2.3.4.1
 +++ openssl/crypto/x509/x509_vfy.h    14 Dec 2012 14:30:46 -0000    1.67.2.3.4.2
-@@ -406,6 +406,9 @@
- /* Check selfsigned CA signature */
- # define X509_V_FLAG_CHECK_SS_SIGNATURE          0x4000
+@@ -412,6 +412,9 @@
+  */
+ # define X509_V_FLAG_NO_ALT_CHAINS               0x100000
  
 +/* Allow partial chains if at least one certificate is in trusted store */
 +# define X509_V_FLAG_PARTIAL_CHAIN               0x80000
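Review bot: The comment on `X509_V_FLAG_PARTIAL_CHAIN` at the end of this hunk understates what the flag does to the trust model: with it set, verification can stop at any certificate found in the trusted store rather than at a self-signed root. I would expand it to something like `/* Allow partial chains if at least one certificate is in trusted store: any certificate in the store then acts as a trust anchor, not only self-signed roots */`. The refreshed context now places the define directly after `X509_V_FLAG_NO_ALT_CHAINS` (0x100000). The two values visible here do not overlap, but the remaining flag definitions are outside the hunk, so it is worth confirming that 0x80000 is still unused in the updated header.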