fix minor bug in path_cnt checks

If the top certificate occurs twice in trust_ca (for example), it would
not be good for the second instance to be checked with check_path_cnt
reduced twice!
Nicholas Wilson 2015-05-13 10:40:30 +01:00
parent 48647b9255
commit bc07c3a1f0


@ -1771,7 +1771,7 @@ static int x509_crt_verify_top(
void *p_vrfy )
{
int ret;
int ca_flags = 0, check_path_cnt = path_cnt + 1;
int ca_flags = 0, check_path_cnt;
unsigned char hash[POLARSSL_MD_MAX_SIZE];
const md_info_t *md_info;
@ -1802,8 +1802,10 @@ static int x509_crt_verify_top(
if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 )
continue;
check_path_cnt = path_cnt + 1;
/*
* Reduce path_len to check against if top of the chain is
* Reduce check_path_cnt to check against if top of the chain is
* the same as the trusted CA
*/
if( child->subject_raw.len == trust_ca->subject_raw.len &&