Update from 1.0.0-stable
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index ccb30e0..2f47eaf 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -502,9 +502,6 @@
 		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
 		return(0);
 		}
-	if (s->param)
-		X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx),
-						s->param);
 #if 0
 	if (SSL_get_verify_depth(s) >= 0)
 		X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
@@ -518,6 +515,12 @@
 
 	X509_STORE_CTX_set_default(&ctx,
 				s->server ? "ssl_client" : "ssl_server");
+	/* Anything non-default in "param" should overwrite anything in the
+	 * ctx.
+	 */
+	if (s->param)
+		X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx),
+						s->param);
 
 	if (s->verify_callback)
 		X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
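Review bot: The return value of `X509_VERIFY_PARAM_set1()` in the added lines is ignored, so if copying `s->param` fails (it returns 0 on error) the chain is still verified with whatever mix of defaults and application settings ended up in the ctx. Those parameters carry the verification flags, purpose, trust and depth the application configured, so a failed copy should fail verification rather than silently fall back to the "ssl_client"/"ssl_server" defaults. I would change the guard to `if (s->param && !X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param))` and take the same `SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); return(0);` exit used earlier in the function, presumably after releasing the ctx. The function starts and ends outside this hunk, so the exact cleanup needed on that path has to be confirmed there.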