diff -up openssl-1.1.1g/crypto/x509/x509_vfy.c.bypass-strict-flag openssl-1.1.1g/crypto/x509/x509_vfy.c
--- openssl-1.1.1g/crypto/x509/x509_vfy.c.bypass-strict-flag 2021-03-25 15:04:24.786522525 +0100
+++ openssl-1.1.1g/crypto/x509/x509_vfy.c 2021-03-25 15:14:01.392910477 +0100
@@ -509,15 +509,19 @@ static int check_chain_extensions(X509_S
 ret = 1;
 break;
 }
- if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
+ if (ret > 0
+ && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
 /* Check for presence of explicit elliptic curve parameters */
 ret = check_curve(x);
- if (ret < 0)
+ if (ret < 0) {
 ctx->error = X509_V_ERR_UNSPECIFIED;
- else if (ret == 0)
+ ret = 0;
+ } else if (ret == 0) {
 ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS;
+ }
 }
- if ((x->ex_flags & EXFLAG_CA) == 0
+ if (ret > 0
+ && (x->ex_flags & EXFLAG_CA) == 0
 && x->ex_pathlen != -1
 && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
 ctx->error = X509_V_ERR_INVALID_EXTENSION;
diff -up openssl-1.1.1g/test/verify_extra_test.c.bypass-strict-flag openssl-1.1.1g/test/verify_extra_test.c
--- openssl-1.1.1g/test/verify_extra_test.c.bypass-strict-flag 2020-04-21 14:22:39.000000000 +0200
+++ openssl-1.1.1g/test/verify_extra_test.c 2021-03-25 15:04:24.793522594 +0100
@@ -125,10 +125,22 @@ static int test_alt_chains_cert_forgery(
 i = X509_verify_cert(sctx);
- if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA) {
+ if (i != 0 || X509_STORE_CTX_get_error(sctx) != X509_V_ERR_INVALID_CA)
+ goto err;
+
+ /* repeat with X509_V_FLAG_X509_STRICT */
+ X509_STORE_CTX_cleanup(sctx);
+ X509_STORE_set_flags(store, X509_V_FLAG_X509_STRICT);
+
+ if (!X509_STORE_CTX_init(sctx, store, x, untrusted))
+ goto err;
+
+ i = X509_verify_cert(sctx);
+
+ if (i == 0 && X509_STORE_CTX_get_error(sctx) == X509_V_ERR_INVALID_CA)
 /* This is the result we were expecting: Test passed */
 ret = 1;
- }
+
 err:
 X509_STORE_CTX_free(sctx);
 X509_free(x);
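Review bot: The two new `ret > 0` guards in check_chain_extensions are the entire fix yet carry no comment saying what they protect, so a later edit that adds another strict-mode check after them could reintroduce the same overwrite. They are needed because `ret = check_curve(x)` replaces whatever the preceding CA checks left in `ret`, so a failure already recorded there (with `ctx->error` set, e.g. the X509_V_ERR_INVALID_CA that the new test expects under X509_V_FLAG_X509_STRICT) was silently turned back into success, and the pathlen check could likewise clobber `ctx->error` after a failure. Suggest a comment above the first guard: `/* Strict-mode checks run only if every earlier check passed: check_curve() assigns ret and must not overwrite a failure already recorded in ret and ctx->error */`. The added `ret = 0;` on the `ret < 0` branch looks correct on the assumption that the handling after the hunk keys on `ret == 0` rather than `ret <= 0` — worth confirming against that code. check_chain_extensions begins and ends outside the hunk.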