===================================================================\r
--- crypto/x509/x509_vfy.c (revision 1)\r
+++ crypto/x509/x509_vfy.c (working copy)\r
-@@ -386,7 +386,11 @@\r
- \r
- static int check_chain_extensions(X509_STORE_CTX *ctx)\r
- {\r
--#ifdef OPENSSL_NO_CHAIN_VERIFY\r
-+#if defined(OPENSSL_NO_CHAIN_VERIFY) || defined(OPENSSL_SYS_UEFI)\r
-+ /* \r
-+ NOTE: Bypass KU Flags Checking for UEFI version. There are incorrect KU flag setting\r
-+ in Authenticode Signing Certificates. \r
-+ */\r
- return 1;\r
- #else\r
- int i, ok=0, must_be_ca, plen = 0;\r
-@@ -899,6 +903,10 @@\r
+@@ -899,6 +899,10 @@\r
\r
static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)\r
{\r
time_t *ptime;\r
int i;\r
\r
-@@ -942,6 +950,7 @@\r
+@@ -942,6 +946,7 @@\r
}\r
\r
return 1;\r