fetch_curl_verify_callback: Do depth update after check

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
author: Daniel Silverstone <dsilvers@digital-scurf.org> 2019-12-03 09:35:51 +0000
committer: Daniel Silverstone <dsilvers@digital-scurf.org> 2019-12-03 09:35:51 +0000
commit: 24dd16ddff6a284a98c1abb30dacbf23d8895f4f (patch)
tree: b7edc28df0c4ced40cda878575f2b360c7161786 /content
parent: f1e6690b25eacac268686b5ebf02a5f31ca918af (diff)
download: netsurf-24dd16ddff6a284a98c1abb30dacbf23d8895f4f.tar.gz
netsurf-24dd16ddff6a284a98c1abb30dacbf23d8895f4f.tar.bz2
1 files changed, 5 insertions, 5 deletions
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index a1d7ee190..cb09ecebd 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -662,11 +662,6 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX *x509_ctx)
 	depth = X509_STORE_CTX_get_error_depth(x509_ctx);
 	fetch = X509_STORE_CTX_get_app_data(x509_ctx);
 
-	/* record the max depth */
-	if (depth > fetch->cert_depth) {
-		fetch->cert_depth = depth;
-	}
-
 	/* certificate chain is excessively deep so fail verification */
 	if (depth >= MAX_SSL_CERTS) {
 		X509_STORE_CTX_set_error(x509_ctx,
@@ -674,6 +669,11 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX *x509_ctx)
 		return 0;
 	}
 
+	/* record the max depth */
+	if (depth > fetch->cert_depth) {
+		fetch->cert_depth = depth;
+	}
+
 	/* save the certificate by incrementing the reference count and
 	 * keeping a pointer.
 	 */
author	Daniel Silverstone <dsilvers@digital-scurf.org>	2019-12-03 09:35:51 +0000
committer	Daniel Silverstone <dsilvers@digital-scurf.org>	2019-12-03 09:35:51 +0000
commit	24dd16ddff6a284a98c1abb30dacbf23d8895f4f (patch)
tree	b7edc28df0c4ced40cda878575f2b360c7161786 /content
parent	f1e6690b25eacac268686b5ebf02a5f31ca918af (diff)
download	netsurf-24dd16ddff6a284a98c1abb30dacbf23d8895f4f.tar.gz netsurf-24dd16ddff6a284a98c1abb30dacbf23d8895f4f.tar.bz2