Tweaks to get null inheritance working

svn path=/openssl/trunk/crypto/x509v3/v3_addr.c; revision=160
author: Rob Austein <sra@hactrn.net> 2006-08-16 07:40:43 +0000
committer: Rob Austein <sra@hactrn.net> 2006-08-16 07:40:43 +0000
commit: 7eaa6a02cc58ae4cd47bdfc746bb3d256fe0693c (patch)
tree: 4df5b7a5e37b7e1e34e7ad248f8e283f270b43c2 /openssl/trunk/crypto/x509v3/v3_addr.c
parent: e8f93a484d9640c8c439e46a42cb878d7c2ea1de (diff)
1 files changed, 14 insertions, 3 deletions
diff --git a/openssl/trunk/crypto/x509v3/v3_addr.c b/openssl/trunk/crypto/x509v3/v3_addr.c
index 131aeffb..cea013e0 100644
--- a/openssl/trunk/crypto/x509v3/v3_addr.c
+++ b/openssl/trunk/crypto/x509v3/v3_addr.c
@@ -983,7 +983,13 @@ int v3_addr_validate_path(X509_STORE_CTX *ctx)
     x = sk_X509_value(ctx->chain, i);
     assert(x != NULL);
     if (x->rfc3779_addr == NULL) {
-      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+	IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+	if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
+	  validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+	  break;
+	}
+      }
       continue;
     }
     sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
@@ -992,8 +998,13 @@ int v3_addr_validate_path(X509_STORE_CTX *ctx)
       int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
       IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k);
       if (fp == NULL) {
-	validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-      } else if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
+	if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
+	  validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+	  break;
+	}
+	continue;
+      }
+      if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
 	if (fc->ipAddressChoice->type == IPAddressChoice_inherit ||
 	    addr_contains(fp->ipAddressChoice->u.addressesOrRanges, 
 			  fc->ipAddressChoice->u.addressesOrRanges,
author	Rob Austein <sra@hactrn.net>	2006-08-16 07:40:43 +0000
committer	Rob Austein <sra@hactrn.net>	2006-08-16 07:40:43 +0000
commit	7eaa6a02cc58ae4cd47bdfc746bb3d256fe0693c (patch)
tree	4df5b7a5e37b7e1e34e7ad248f8e283f270b43c2 /openssl/trunk/crypto/x509v3/v3_addr.c
parent	e8f93a484d9640c8c439e46a42cb878d7c2ea1de (diff)