CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2024/01/10 10:31:28
Modified files: lib/libcrypto/x509: x509_vfy.c Log message: Rework X509_STORE_CTX_set_{purpose,trust}() Split the two codepaths in x509_vfy_purpose_inherit() into its two callers. What remains is gross, but at least a reader has a chance of following all this nonsense without leaving a significant amount of hair behind. In short, purpose and trust are only overridden if they're not already set. Otherwise silently ignore valid purpose and trust identifiers that were passed in and succeed. Error on almost all invalid trust or purpose ids, except 0, because... well... who knows, really? ok jsing