Trivial change: move path validation checks into

check_chain_extensions(), just to be tidy. svn path=/openssl/trunk/crypto/x509/x509_vfy.c; revision=145
author: Rob Austein <sra@hactrn.net> 2006-08-11 20:09:51 +0000
committer: Rob Austein <sra@hactrn.net> 2006-08-11 20:09:51 +0000
commit: 946d919740934c98441936fe647a8e623983b6fe (patch)
tree: bd922705502824ee9db3d5c56da907dfde7b444a /openssl/trunk/crypto
parent: 1d549cff50f22f4dbcb24e8b4fe0e62ef1c1bbdf (diff)
1 files changed, 5 insertions, 9 deletions
diff --git a/openssl/trunk/crypto/x509/x509_vfy.c b/openssl/trunk/crypto/x509/x509_vfy.c
index 47b15455..713109b5 100644
--- a/openssl/trunk/crypto/x509/x509_vfy.c
+++ b/openssl/trunk/crypto/x509/x509_vfy.c
@@ -289,15 +289,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 
 	if (!ok) goto end;
 
-	/* Check RFC 3779 path validation */
-	ok = v3_asid_validate_path(ctx);
-
-	if (!ok) goto end;
-
-	ok = v3_addr_validate_path(ctx);
-
-	if (!ok) goto end;
-
 	/* The chain extensions are OK: check trust */
 
 	if (param->trust > 0) ok = check_trust(ctx);
@@ -527,6 +518,11 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 		else
 			must_be_ca = 1;
 		}
+	/* RFC 3779 path validation */
+	ok = v3_asid_validate_path(ctx);
+	if (!ok) goto end;
+	ok = v3_addr_validate_path(ctx);
+	if (!ok) goto end;
 	ok = 1;
  end:
 	return ok;
author	Rob Austein <sra@hactrn.net>	2006-08-11 20:09:51 +0000
committer	Rob Austein <sra@hactrn.net>	2006-08-11 20:09:51 +0000
commit	946d919740934c98441936fe647a8e623983b6fe (patch)
tree	bd922705502824ee9db3d5c56da907dfde7b444a /openssl/trunk/crypto
parent	1d549cff50f22f4dbcb24e8b4fe0e62ef1c1bbdf (diff)