CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2024/01/10 10:31:28
Modified files:
lib/libcrypto/x509: x509_vfy.c
Log message:
Rework X509_STORE_CTX_set_{purpose,trust}()
Split the two codepaths in x509_vfy_purpose_inherit() into its two callers.
What remains is gross, but at least a reader has a chance of following all
this nonsense without leaving a significant amount of hair behind.
In short, purpose and trust are only overridden if they're not already
set. Otherwise silently ignore valid purpose and trust identifiers that
were passed in and succeed. Error on almost all invalid trust or purpose
ids, except 0, because... well... who knows, really?
ok jsing
