From 2c2f71313e5717e9858fcbcfbe102a1964b6e385 Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@canonical.com>
Date: Wed, 15 Jul 2015 08:48:25 -0700
Subject: [PATCH] Support openssl 1.0.2b and above

Newer versions of openssl return a different error with alternate
certificate chains; update for compatibility.

Signed-off-by: Marc Deslauriers <marc.deslauriers@canonical.com>
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1474541
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
 src/sbverify.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/sbverify.c b/src/sbverify.c
index c11f894..02bccbc 100644
--- a/src/sbverify.c
+++ b/src/sbverify.c
@@ -184,6 +184,7 @@ static int x509_verify_cb(int status, X509_STORE_CTX *ctx)
 
 	else if (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
 		 err == X509_V_ERR_CERT_UNTRUSTED ||
+		 err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT ||
 		 err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE) {
 		/* all certs given with the --cert argument are trusted */