summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbeck <>2020-10-26 12:11:47 +0000
committerbeck <>2020-10-26 12:11:47 +0000
commit393560d6830a3c756a88e4275aaa6132e770aa55 (patch)
tree6cc1bd5a85badfe429dad96db2e0eb31f0288322
parentb6e3a98ca0466885963f0d6f9e70e869262a5f56 (diff)
downloadopenbsd-393560d6830a3c756a88e4275aaa6132e770aa55.tar.gz
openbsd-393560d6830a3c756a88e4275aaa6132e770aa55.tar.bz2
openbsd-393560d6830a3c756a88e4275aaa6132e770aa55.zip
catch unset error when validation fails.
Diffstat (limited to '')
-rw-r--r--src/regress/lib/libcrypto/x509/bettertls/verify.c13
-rw-r--r--src/regress/lib/libcrypto/x509/verify.c5
2 files changed, 16 insertions, 2 deletions
diff --git a/src/regress/lib/libcrypto/x509/bettertls/verify.c b/src/regress/lib/libcrypto/x509/bettertls/verify.c
index df4b567d9c..e1d97d42ef 100644
--- a/src/regress/lib/libcrypto/x509/bettertls/verify.c
+++ b/src/regress/lib/libcrypto/x509/bettertls/verify.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: verify.c,v 1.8 2020/10/10 10:19:45 tb Exp $ */ 1/* $OpenBSD: verify.c,v 1.9 2020/10/26 12:11:47 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -107,6 +107,7 @@ verify_cert(X509_STORE *store, const char *roots_file, const char *bundle_file,
107 X509_VERIFY_PARAM *param, *paramip; 107 X509_VERIFY_PARAM *param, *paramip;
108 X509 *leaf = NULL; 108 X509 *leaf = NULL;
109 unsigned long flags, flagsip; 109 unsigned long flags, flagsip;
110 int verify_err;
110 111
111 *ip = *dns = 0; 112 *ip = *dns = 0;
112 113
@@ -145,6 +146,11 @@ verify_cert(X509_STORE *store, const char *roots_file, const char *bundle_file,
145 146
146 if (X509_verify_cert(xsc) == 1) 147 if (X509_verify_cert(xsc) == 1)
147 *dns = 1; 148 *dns = 1;
149 verify_err = X509_STORE_CTX_get_error(xsc);
150 if (verify_err == X509_V_OK && *dns == 0) {
151 fprintf(stderr, "X509_V_OK on failure!\n");
152 *dns = 1;
153 }
148 154
149 if ((xscip = X509_STORE_CTX_new()) == NULL) 155 if ((xscip = X509_STORE_CTX_new()) == NULL)
150 errx(1, "X509_STORE_CTX"); 156 errx(1, "X509_STORE_CTX");
@@ -170,6 +176,11 @@ verify_cert(X509_STORE *store, const char *roots_file, const char *bundle_file,
170 176
171 if (X509_verify_cert(xscip) == 1) 177 if (X509_verify_cert(xscip) == 1)
172 *ip = 1; 178 *ip = 1;
179 verify_err = X509_STORE_CTX_get_error(xscip);
180 if (verify_err == X509_V_OK && *ip == 0) {
181 fprintf(stderr, "X509_V_OK on failure!\n");
182 *ip = 1;
183 }
173 184
174 sk_X509_pop_free(roots, X509_free); 185 sk_X509_pop_free(roots, X509_free);
175 sk_X509_pop_free(bundle, X509_free); 186 sk_X509_pop_free(bundle, X509_free);
diff --git a/src/regress/lib/libcrypto/x509/verify.c b/src/regress/lib/libcrypto/x509/verify.c
index f3e883b8ac..added3bd9f 100644
--- a/src/regress/lib/libcrypto/x509/verify.c
+++ b/src/regress/lib/libcrypto/x509/verify.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: verify.c,v 1.3 2020/09/18 14:58:04 tb Exp $ */ 1/* $OpenBSD: verify.c,v 1.4 2020/10/26 12:11:47 beck Exp $ */
2/* 2/*
3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -144,6 +144,9 @@ verify_cert(const char *roots_file, const char *bundle_file, int *chains,
144 } 144 }
145 145
146 verify_err = X509_STORE_CTX_get_error(xsc); 146 verify_err = X509_STORE_CTX_get_error(xsc);
147 if (verify_err == 0)
148 errx(1, "Error unset on failure!\n");
149
147 fprintf(stderr, "failed to verify at %d: %s\n", 150 fprintf(stderr, "failed to verify at %d: %s\n",
148 X509_STORE_CTX_get_error_depth(xsc), 151 X509_STORE_CTX_get_error_depth(xsc),
149 X509_verify_cert_error_string(verify_err)); 152 X509_verify_cert_error_string(verify_err));
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-30 05:11:07 +0000