@@ -573,13 +573,22 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
573573 WOLFSSL_MSG ("X509_verify_cert current cert failed, retrying with other certs." );
574574 RemoveCA (ctx -> store -> cm , ctx -> current_cert -> subjKeyId , WOLFSSL_TEMP_CA );
575575 X509StorePopCert (certs , failedCerts , ctx -> current_cert );
576- if (numInterAdd > 0 )
577- numInterAdd -- ;
578576 ctx -> current_cert = wolfSSL_sk_X509_pop (ctx -> chain );
579577 depth ++ ;
580578 }
581579
582580exit :
581+ /* Copy back failed certs if verification failed. */
582+ if (ret != WOLFSSL_SUCCESS ) {
583+ while (wolfSSL_sk_X509_num (failedCerts ) > 0 )
584+ {
585+ wolfSSL_sk_X509_push (certs , wolfSSL_sk_X509_pop (failedCerts ));
586+ }
587+ }
588+ if (failedCerts ) {
589+ wolfSSL_sk_X509_free (failedCerts );
590+ }
591+
583592 /* Remove additional intermediates from init from the store */
584593 if (ctx != NULL && numInterAdd > 0 ) {
585594 for (i = 0 ; i < numInterAdd ; i ++ ) {
@@ -601,17 +610,6 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
601610 wolfSSL_sk_X509_free (certsToUse );
602611 }
603612
604- /* Copy back failed certs if verification failed. */
605- if (ret != WOLFSSL_SUCCESS ) {
606- while (wolfSSL_sk_X509_num (failedCerts ) > 0 )
607- {
608- wolfSSL_sk_X509_push (certs , wolfSSL_sk_X509_pop (failedCerts ));
609- }
610- }
611- if (failedCerts ) {
612- wolfSSL_sk_X509_free (failedCerts );
613- }
614-
615613 return ret == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE ;
616614}
617615
@@ -1103,7 +1101,7 @@ static int X509StorePopCert(WOLFSSL_STACK *certs_stack, WOLFSSL_STACK *dest_stac
11031101
11041102 for (i = 0 ; i < wolfSSL_sk_X509_num (certs_stack ); i ++ ) {
11051103 if (wolfSSL_sk_X509_value (certs_stack , i ) == cert ) {
1106- wolfSSL_sk_X509_push (dest_stack , wolfSSL_sk_pop_node (certs_stack , i ));
1104+ wolfSSL_sk_X509_push (dest_stack , ( WOLFSSL_X509 * ) wolfSSL_sk_pop_node (certs_stack , i ));
11071105 return WOLFSSL_SUCCESS ;
11081106 }
11091107 }
0 commit comments