From 24dd16ddff6a284a98c1abb30dacbf23d8895f4f Mon Sep 17 00:00:00 2001
From: Daniel Silverstone <dsilvers@digital-scurf.org>
Date: Tue, 3 Dec 2019 09:35:51 +0000
Subject: fetch_curl_verify_callback: Do depth update after check

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
---
 content/fetchers/curl.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index a1d7ee190..cb09ecebd 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -662,11 +662,6 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX *x509_ctx)
 	depth = X509_STORE_CTX_get_error_depth(x509_ctx);
 	fetch = X509_STORE_CTX_get_app_data(x509_ctx);
 
-	/* record the max depth */
-	if (depth > fetch->cert_depth) {
-		fetch->cert_depth = depth;
-	}
-
 	/* certificate chain is excessively deep so fail verification */
 	if (depth >= MAX_SSL_CERTS) {
 		X509_STORE_CTX_set_error(x509_ctx,
@@ -674,6 +669,11 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX *x509_ctx)
 		return 0;
 	}
 
+	/* record the max depth */
+	if (depth > fetch->cert_depth) {
+		fetch->cert_depth = depth;
+	}
+
 	/* save the certificate by incrementing the reference count and
 	 * keeping a pointer.
 	 */
-- 
cgit v1.2.3