summaryrefslogtreecommitdiff
path: root/app/openssl/crypto/x509v3/v3_purp.c
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-09-26 09:46:26 +0200
committerParménides GV <parmegv@sdf.org>2014-09-26 09:46:26 +0200
commit394451dbae3e71282611058e00b5fd16c865f147 (patch)
tree17b71034d9350a2848603f5edf0a8b13025909be /app/openssl/crypto/x509v3/v3_purp.c
parent644fd02cf8da95b0b5a99fb9f2142628dd27f7c2 (diff)
Revert "Updated native subprojects from ics-openvpn."
This reverts commit d0e7ba3029b2fd42582413aa95773fe7dbdede90. I'll postpone this work for the next cycle, it's not trivial because it doesn't link properly.
Diffstat (limited to 'app/openssl/crypto/x509v3/v3_purp.c')
-rw-r--r--app/openssl/crypto/x509v3/v3_purp.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/app/openssl/crypto/x509v3/v3_purp.c b/app/openssl/crypto/x509v3/v3_purp.c
index f59bfc18..ad688657 100644
--- a/app/openssl/crypto/x509v3/v3_purp.c
+++ b/app/openssl/crypto/x509v3/v3_purp.c
@@ -389,8 +389,8 @@ static void x509v3_cache_extensions(X509 *x)
/* Handle proxy certificates */
if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
if (x->ex_flags & EXFLAG_CA
- || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
- || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
+ || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
+ || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
x->ex_flags |= EXFLAG_INVALID;
}
if (pci->pcPathLengthConstraint) {
@@ -670,7 +670,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
return 0;
/* Extended Key Usage MUST be critical */
- i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1);
+ i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0);
if (i_ext >= 0)
{
X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);