diff options
Diffstat (limited to 'deps/openssl/openssl/crypto/x509')
| -rw-r--r-- | deps/openssl/openssl/crypto/x509/by_dir.c | 3 | ||||
| -rw-r--r-- | deps/openssl/openssl/crypto/x509/by_file.c | 4 | ||||
| -rw-r--r-- | deps/openssl/openssl/crypto/x509/x509_meth.c | 4 | ||||
| -rw-r--r-- | deps/openssl/openssl/crypto/x509/x509_vfy.c | 11 |
4 files changed, 11 insertions, 11 deletions
diff --git a/deps/openssl/openssl/crypto/x509/by_dir.c b/deps/openssl/openssl/crypto/x509/by_dir.c index a690455729..4fa1dd37b9 100644 --- a/deps/openssl/openssl/crypto/x509/by_dir.c +++ b/deps/openssl/openssl/crypto/x509/by_dir.c @@ -78,7 +78,8 @@ static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, switch (cmd) { case X509_L_ADD_DIR: if (argl == X509_FILETYPE_DEFAULT) { - dir = (char *)getenv(X509_get_default_cert_dir_env()); + dir = (char *)ossl_safe_getenv(X509_get_default_cert_dir_env()); + if (dir) ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); else diff --git a/deps/openssl/openssl/crypto/x509/by_file.c b/deps/openssl/openssl/crypto/x509/by_file.c index 0bcc6af30e..77a7c4a2a6 100644 --- a/deps/openssl/openssl/crypto/x509/by_file.c +++ b/deps/openssl/openssl/crypto/x509/by_file.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,7 +47,7 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, switch (cmd) { case X509_L_FILE_LOAD: if (argl == X509_FILETYPE_DEFAULT) { - file = getenv(X509_get_default_cert_file_env()); + file = ossl_safe_getenv(X509_get_default_cert_file_env()); if (file) ok = (X509_load_cert_crl_file(ctx, file, X509_FILETYPE_PEM) != 0); diff --git a/deps/openssl/openssl/crypto/x509/x509_meth.c b/deps/openssl/openssl/crypto/x509/x509_meth.c index 05ed4bf863..9dc587a092 100644 --- a/deps/openssl/openssl/crypto/x509/x509_meth.c +++ b/deps/openssl/openssl/crypto/x509/x509_meth.c @@ -58,9 +58,9 @@ int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) int X509_LOOKUP_meth_set_free( X509_LOOKUP_METHOD *method, - void (*free) (X509_LOOKUP *ctx)) + void (*free_fn) (X509_LOOKUP *ctx)) { - method->free = free; + method->free = free_fn; return 1; } diff --git a/deps/openssl/openssl/crypto/x509/x509_vfy.c b/deps/openssl/openssl/crypto/x509/x509_vfy.c index f86871f6d2..ba186d30b0 100644 --- a/deps/openssl/openssl/crypto/x509/x509_vfy.c +++ b/deps/openssl/openssl/crypto/x509/x509_vfy.c @@ -515,15 +515,14 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) /* check_purpose() makes the callback as needed */ if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca)) return 0; - /* Check pathlen if not self issued */ - if ((i > 1) && !(x->ex_flags & EXFLAG_SI) - && (x->ex_pathlen != -1) - && (plen > (x->ex_pathlen + proxy_path_length + 1))) { + /* Check pathlen */ + if ((i > 1) && (x->ex_pathlen != -1) + && (plen > (x->ex_pathlen + proxy_path_length))) { if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED)) return 0; } - /* Increment path length if not self issued */ - if (!(x->ex_flags & EXFLAG_SI)) + /* Increment path length if not a self issued intermediate CA */ + if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0) plen++; /* * If this certificate is a proxy certificate, the next certificate |