mirror of
https://github.com/openbsd/src.git
synced 2026-06-17 23:03:29 +02:00
x509_verify: fix incorrect purpose check in the non-legacy path
If a purpose is configured on the verify context (which it currently never is), this check would only accept certificates for which the purpose check fails. Also, this code is not currently reachable from public API since x509_verify() is only ever called with a legacy xsc set on the verify ctx, so x509_verify_cert_extensions() takes the path returning 1 earlier.

X509_check_purpose() is one of these strange legacy APIs. It returns -1 on error, 0 if the cert fails the purpose check, 1 if it passes it and values between 2 and 5 indicate various legacy garbage meaning that the cert might possibly have been fit for this purpose until around a quarter century ago. While for CA certs the checks in "No we don't care about ..." exclude return values > 1, it is still possible for the S/MIME purpose to return 2 due to a workaround for some buggy NS certs, for example.

In short: anything but 1 means unfit for the purpose or at best dubious, so reject such certs.

Reported by Frank Denis

ok kenjiro
@@ -1,4 +1,4 @@
/* $OpenBSD: x509_verify.c,v 1.76 2026/05/04 13:55:20 tb Exp $ */
/* $OpenBSD: x509_verify.c,v 1.77 2026/06/10 04:26:58 tb Exp $ */
/*
* Copyright (c) 2020-2021 Bob Beck <beck@openbsd.org>
*
@@ -909,7 +909,8 @@ x509_verify_cert_extensions(struct x509_verify_ctx *ctx, X509 *cert, int need_ca
ctx->error = X509_V_ERR_INVALID_CA;
return 0;
}
if (ctx->purpose > 0 && X509_check_purpose(cert, ctx->purpose, need_ca)) {
if (ctx->purpose > 0 &&
X509_check_purpose(cert, ctx->purpose, need_ca) != 1) {
ctx->error = X509_V_ERR_INVALID_PURPOSE;
return 0;
}
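Review bot: The new condition `X509_check_purpose(cert, ctx->purpose, need_ca) != 1` has no comment saying why the comparison is against exactly 1, so the reasoning (-1 is an error, 0 is a failed check, 2 through 5 are legacy results) lives only in the commit message. A short comment above the `if` stating that any return value other than 1 is treated as unfit would guard against a later edit relaxing it to `> 0` or back to a bare truthiness test. Also worth a line in that comment: an error return of -1 is now reported as X509_V_ERR_INVALID_PURPOSE, the same code as a genuine purpose mismatch, which is fail-closed but indistinguishable to a caller inspecting `ctx->error`.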