3 files changed, 5 insertions, 2 deletions

diff --git a/src/lib/cert/cvc/cvc_gen_cert.h b/src/lib/cert/cvc/cvc_gen_cert.h
index 02c6f7324..6bdf116f3 100644
--- a/src/lib/cert/cvc/cvc_gen_cert.h
+++ b/src/lib/cert/cvc/cvc_gen_cert.h
@@ -77,7 +77,7 @@ class EAC1_1_gen_CVC : public EAC1_1_obj<Derived> // CRTP continuation from EAC1
          const std::vector<byte>& tbs_bits,
          RandomNumberGenerator& rng);
 
-      EAC1_1_gen_CVC() { m_pk = 0; }
+      EAC1_1_gen_CVC() { m_pk = nullptr; }
 
       virtual ~EAC1_1_gen_CVC<Derived>()
          { delete m_pk; }
diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index a6c3ce6e9..b5345c272 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -338,6 +338,8 @@ const X509_Certificate& Path_Validation_Result::trust_root() const
    {
    if(m_cert_path.empty())
       throw std::runtime_error("Path_Validation_Result::trust_root no path set");
+   if(result() != Certificate_Status_Code::VERIFIED)
+      throw std::runtime_error("Path_Validation_Result::trust_root meaningless with invalid status");
 
    return m_cert_path[m_cert_path.size()-1];
    }
diff --git a/src/lib/cert/x509/x509path.h b/src/lib/cert/x509/x509path.h
index c56aef21f..08d92915d 100644
--- a/src/lib/cert/x509/x509path.h
+++ b/src/lib/cert/x509/x509path.h
@@ -84,7 +84,8 @@ class BOTAN_DLL Path_Validation_Result
       std::set<std::string> trusted_hashes() const;
 
       /**
-      * @return the trust root of the validation
+      * @return the trust root of the validation if successful
+      * throws an exception if the validation failed
       */
       const X509_Certificate& trust_root() const;