From 7049b8e541b032e42ab0b4007a344bd14918bdcc Mon Sep 17 00:00:00 2001
From: Jack Lloyd <lloyd@randombit.net>
Date: Wed, 4 Nov 2015 14:31:59 -0500
Subject: Add check for path validation result in Credentials_Manager. GH #324

---
 src/lib/cert/x509/x509path.cpp | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/lib/cert/x509/x509path.cpp')

diff --git a/src/lib/cert/x509/x509path.cpp b/src/lib/cert/x509/x509path.cpp
index a6c3ce6e9..b5345c272 100644
--- a/src/lib/cert/x509/x509path.cpp
+++ b/src/lib/cert/x509/x509path.cpp
@@ -338,6 +338,8 @@ const X509_Certificate& Path_Validation_Result::trust_root() const
    {
    if(m_cert_path.empty())
       throw std::runtime_error("Path_Validation_Result::trust_root no path set");
+   if(result() != Certificate_Status_Code::VERIFIED)
+      throw std::runtime_error("Path_Validation_Result::trust_root meaningless with invalid status");
 
    return m_cert_path[m_cert_path.size()-1];
    }
-- 
cgit v1.2.3