diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2008-08-02 11:16:35 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2008-08-02 11:16:35 +0000 |
commit | a9ff742e429678cf4aaffe63382edd99429ca7a5 (patch) | |
tree | 915928290b792b2e0243a8a4ee7aeb0a118abaa5 /crypto/x509v3/pcy_tree.c | |
parent | 787287af402120ccbe516ad96bad7b25604a3380 (diff) | |
download | openssl-a9ff742e429678cf4aaffe63382edd99429ca7a5.zip openssl-a9ff742e429678cf4aaffe63382edd99429ca7a5.tar.gz openssl-a9ff742e429678cf4aaffe63382edd99429ca7a5.tar.bz2 |
Make explicit_policy handling match expected RFC3280 behaviour.
Diffstat (limited to 'crypto/x509v3/pcy_tree.c')
-rw-r--r-- | crypto/x509v3/pcy_tree.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index c8bfa37..b1ce77b 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -130,11 +130,11 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, ret = 2; if (explicit_policy > 0) { - explicit_policy--; - if (!(x->ex_flags & EXFLAG_SI) - && (cache->explicit_skip != -1) + if (!(x->ex_flags & EXFLAG_SI)) + explicit_policy--; + if ((cache->explicit_skip != -1) && (cache->explicit_skip < explicit_policy)) - explicit_policy = cache->explicit_skip + 1; + explicit_policy = cache->explicit_skip; } } |