Fix SuiteB chain checking logic. Reviewed-by: Matt Caswell <matt@openssl.org>

commit: 7255ca99df1f2d83d99d113dd5ca54b88d50e72b [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Thu Nov 20 14:06:50 2014 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Thu Nov 20 22:13:05 2014 +0000
tree: 49fc18f197e4409f6960974a79e2d8783ccd6e83
parent: c56a50b229932d2cef651d931b71a8cbffb029da [diff]
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 8b2b16b..e0f28d2 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c

@@ -4294,13 +4294,10 @@
 		if (check_flags)
 			check_flags |= CERT_PKEY_SUITEB;
 		ok = X509_chain_check_suiteb(NULL, x, chain, suiteb_flags);
-		if (ok != X509_V_OK)
-			{
-			if (check_flags)
-				rv |= CERT_PKEY_SUITEB;
-			else
-				goto end;
-			}
+		if (ok == X509_V_OK)
+			rv |= CERT_PKEY_SUITEB;
+		else if (!check_flags)
+			goto end;
 		}
 
 	/* Check all signature algorithms are consistent with
commit	7255ca99df1f2d83d99d113dd5ca54b88d50e72b	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Thu Nov 20 14:06:50 2014 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Thu Nov 20 22:13:05 2014 +0000
tree	49fc18f197e4409f6960974a79e2d8783ccd6e83
parent	c56a50b229932d2cef651d931b71a8cbffb029da [diff]