fix minor bug in path_cnt checks If the top certificate occurs twice in trust_ca (for example) it would not be good for the second instance to be checked with check_path_cnt reduced twice!

commit: bc07c3a1f0403ea65a5c4f52583569c82385dc07 [log] [tgz]
author: Nicholas Wilson <nicholas.wilson@realvnc.com> Wed May 13 10:40:30 2015 +0100
committer: Nicholas Wilson <nicholas.wilson@realvnc.com> Wed May 13 10:40:30 2015 +0100
tree: 799a05dc242649a02206a67ed3ed3e36eaf17f52
parent: 48647b92551f1ed5a6104cedc155c88c15578d74 [diff] [blame]
diff --git a/library/x509_crt.c b/library/x509_crt.c
index fe9e552..b94f213 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c

@@ -1771,7 +1771,7 @@
                 void *p_vrfy )
 {
     int ret;
-    int ca_flags = 0, check_path_cnt = path_cnt + 1;
+    int ca_flags = 0, check_path_cnt;
     unsigned char hash[POLARSSL_MD_MAX_SIZE];
     const md_info_t *md_info;
 
@@ -1802,8 +1802,10 @@
         if( x509_crt_check_parent( child, trust_ca, 1, path_cnt == 0 ) != 0 )
             continue;
 
+        check_path_cnt = path_cnt + 1;
+
         /*
-         * Reduce path_len to check against if top of the chain is
+         * Reduce check_path_cnt to check against if top of the chain is
          * the same as the trusted CA
          */
         if( child->subject_raw.len == trust_ca->subject_raw.len &&
commit	bc07c3a1f0403ea65a5c4f52583569c82385dc07	[log] [tgz]
author	Nicholas Wilson <nicholas.wilson@realvnc.com>	Wed May 13 10:40:30 2015 +0100
committer	Nicholas Wilson <nicholas.wilson@realvnc.com>	Wed May 13 10:40:30 2015 +0100
tree	799a05dc242649a02206a67ed3ed3e36eaf17f52
parent	48647b92551f1ed5a6104cedc155c88c15578d74 [diff] [blame]