Avoid direct X509 structure access Reviewed-by: Tim Hudson <tjh@openssl.org>

commit: a8d8e06b0ac06c421fd11cc1772126dcb98f79ae [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Wed Sep 02 22:01:18 2015 +0100
committer: Dr. Stephen Henson <steve@openssl.org> Sun Sep 06 00:17:37 2015 +0100
tree: 14775147addd9c7785f12bc00db95c1a4a96d566
parent: f728254a840bf7fdd2252fe09e11a0e99c7df1d4 [diff] [blame]
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index c3e2c2e..555b1d7 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c

@@ -1028,8 +1028,7 @@
         if (sk_X509_num(chain) > 0) {
             /* See if last cert is self signed */
             x = sk_X509_value(chain, sk_X509_num(chain) - 1);
-            X509_check_purpose(x, -1, 0);
-            if (x->ex_flags & EXFLAG_SS) {
+            if (X509_get_extension_flags(x) & EXFLAG_SS) {
                 x = sk_X509_pop(chain);
                 X509_free(x);
             }
commit	a8d8e06b0ac06c421fd11cc1772126dcb98f79ae	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Wed Sep 02 22:01:18 2015 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	Sun Sep 06 00:17:37 2015 +0100
tree	14775147addd9c7785f12bc00db95c1a4a96d566
parent	f728254a840bf7fdd2252fe09e11a0e99c7df1d4 [diff] [blame]