diff options
| author | Yannik Sembritzki <yannik@sembritzki.org> | 2023-05-29 16:04:38 +0200 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2023-06-20 08:38:33 +0200 |
| commit | 7f4cc3bc34e2fc1acf2abf1f2d791855c446c611 (patch) | |
| tree | 6ecca8f5edd7a8d6eb471d5889dc8153a1515011 /apps | |
| parent | add no-http (diff) | |
| download | openssl-7f4cc3bc34e2fc1acf2abf1f2d791855c446c611.tar.xz openssl-7f4cc3bc34e2fc1acf2abf1f2d791855c446c611.zip | |
Remove restriction to only cross-sign self-signed certificates
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21137)
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/x509.c | 13 |
1 files changed, 3 insertions, 10 deletions
diff --git a/apps/x509.c b/apps/x509.c index 35f788c6dd..bd19cbd551 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1149,16 +1149,7 @@ static int callb(int ok, X509_STORE_CTX *ctx) if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) return 1; - /* - * BAD we should have gotten an error. Normally if everything worked - * X509_STORE_CTX_get_error(ctx) will still be set to - * DEPTH_ZERO_SELF_.... - */ - if (ok) { - BIO_printf(bio_err, - "Error with certificate to be certified - should be self-signed\n"); - return 0; - } else { + if (!ok) { err_cert = X509_STORE_CTX_get_current_cert(ctx); print_name(bio_err, "subject=", X509_get_subject_name(err_cert)); BIO_printf(bio_err, @@ -1167,6 +1158,8 @@ static int callb(int ok, X509_STORE_CTX *ctx) X509_verify_cert_error_string(err)); return 1; } + + return 1; } static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt) |