From 313b8ca5b6aece226d4efdb537a523f4bc23ae0a Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 20 Dec 2024 09:12:43 +0100 Subject: [PATCH] fix X509_PURPOSE_set() to support clearing the purpose requirement as needed for X509_VERIFY_PARAM_set_purpose() --- crypto/x509/v3_purp.c | 3 ++- crypto/x509/x509_vpm.c | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c index e917c455dec7c..1dd124cb80a76 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.c @@ -100,9 +100,10 @@ int X509_check_purpose(X509 *x, int id, int non_leaf) return pt->check_purpose(pt, x, non_leaf); } +/* resets to default (any) purpose if |purpose| == 0 */ int X509_PURPOSE_set(int *p, int purpose) { - if (X509_PURPOSE_get_by_id(purpose) == -1) { + if (purpose != 0 && X509_PURPOSE_get_by_id(purpose) == -1) { ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_PURPOSE); return 0; } diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 023a38a1c9fc8..bd2479a897c7b 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -296,6 +296,7 @@ int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags) return 1; } +/* resets to default (any) purpose if |purpose| == 0 */ int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) { return X509_PURPOSE_set(¶m->purpose, purpose);