Fix calls to check_parent()

When we're looking for a parent, in trusted CAs, 'top' should be 1.

This only impacted which call site for verify_top() was chosen, and the error
was then fixed inside verify_top() by iterating over CAs again, this time
correctly setting 'top' to 1.
This commit is contained in:
Manuel Pégourié-Gonnard 2017-06-29 11:32:44 +02:00
parent 35407c7764
commit b8acfd2ba8

View file

@ -2130,7 +2130,7 @@ static int x509_crt_verify_child(
grandparent = grandparent->next )
{
if( x509_crt_check_parent( parent, grandparent,
0, path_cnt == 0 ) == 0 )
1, path_cnt == 0 ) == 0 )
break;
}
@ -2321,7 +2321,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
/* Look for a parent in trusted CAs */
for( parent = trust_ca; parent != NULL; parent = parent->next )
{
if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
if( x509_crt_check_parent( crt, parent, 1, pathlen == 0 ) == 0 )
break;
}