Update OpenSSL to 1.0.1g

author: Arne Schwabe <arne@rfc2549.org> 2014-04-23 12:31:35 +0200
committer: Arne Schwabe <arne@rfc2549.org> 2014-04-23 12:31:35 +0200
commit: 0c5af0c28f23f75f93e253aeccb00c5ad20c116e (patch)
tree: fae9826018c36f1011007d029b728c290c50485c /main/openssl/crypto/x509/x509_vfy.c
parent: c69ba1780496c260a1b4498596bae428e0df232d (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/main/openssl/crypto/x509/x509_vfy.c b/main/openssl/crypto/x509/x509_vfy.c
index 5195ffef..920066ae 100644
--- a/main/openssl/crypto/x509/x509_vfy.c
+++ b/main/openssl/crypto/x509/x509_vfy.c
@@ -1462,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
 	 * a certificate was revoked. This has since been changed since 
 	 * critical extension can change the meaning of CRL entries.
 	 */
-	if (crl->flags & EXFLAG_CRITICAL)
+	if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+		&& (crl->flags & EXFLAG_CRITICAL))
 		{
-		if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-			return 1;
 		ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
 		ok = ctx->verify_cb(0, ctx);
 		if(!ok)
author	Arne Schwabe <arne@rfc2549.org>	2014-04-23 12:31:35 +0200
committer	Arne Schwabe <arne@rfc2549.org>	2014-04-23 12:31:35 +0200
commit	0c5af0c28f23f75f93e253aeccb00c5ad20c116e (patch)
tree	fae9826018c36f1011007d029b728c290c50485c /main/openssl/crypto/x509/x509_vfy.c
parent	c69ba1780496c260a1b4498596bae428e0df232d (diff)