diff options
Diffstat (limited to 'crypto/x509/x509_vfy.c')
| -rw-r--r-- | crypto/x509/x509_vfy.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index fd297e2..d4a5f3a 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -217,7 +217,6 @@ static int verify_chain(X509_STORE_CTX *ctx) if ((ok = build_chain(ctx)) == 0 || (ok = check_chain_extensions(ctx)) == 0 || (ok = check_auth_level(ctx)) == 0 || - (ok = check_name_constraints(ctx)) == 0 || (ok = check_id(ctx)) == 0 || 1) X509_get_pubkey_parameters(NULL, ctx->chain); if (ok == 0 || (ok = ctx->check_revocation(ctx)) == 0) @@ -235,6 +234,9 @@ static int verify_chain(X509_STORE_CTX *ctx) if (!ok) return ok; + if ((ok = check_name_constraints(ctx)) == 0) + return ok; + #ifndef OPENSSL_NO_RFC3779 /* RFC 3779 path validation, now that CRL check has been done */ if ((ok = X509v3_asid_validate_path(ctx)) == 0) |