From 24dd16ddff6a284a98c1abb30dacbf23d8895f4f Mon Sep 17 00:00:00 2001 From: Daniel Silverstone Date: Tue, 3 Dec 2019 09:35:51 +0000 Subject: [PATCH] fetch_curl_verify_callback: Do depth update after check Signed-off-by: Daniel Silverstone --- content/fetchers/curl.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c index a1d7ee190..cb09ecebd 100644 --- a/content/fetchers/curl.c +++ b/content/fetchers/curl.c @@ -662,11 +662,6 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX *x509_ctx) depth = X509_STORE_CTX_get_error_depth(x509_ctx); fetch = X509_STORE_CTX_get_app_data(x509_ctx); - /* record the max depth */ - if (depth > fetch->cert_depth) { - fetch->cert_depth = depth; - } - /* certificate chain is excessively deep so fail verification */ if (depth >= MAX_SSL_CERTS) { X509_STORE_CTX_set_error(x509_ctx, @@ -674,6 +669,11 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX *x509_ctx) return 0; } + /* record the max depth */ + if (depth > fetch->cert_depth) { + fetch->cert_depth = depth; + } + /* save the certificate by incrementing the reference count and * keeping a pointer. */