Final tweaks in x509_trs.c for now

looked over by jsing
author: tb <> 2024-03-25 04:03:26 +0000
committer: tb <> 2024-03-25 04:03:26 +0000
commit: 14d656a779934e3522e3b769bdb7ba4694ac54ac (patch)
tree: 9820cf5fdde23bdfc88e4cc97891298994c61b87
parent: 25f98fdba90cdf11d4f236efa8bebbe491a4a276 (diff)
download: openbsd-14d656a779934e3522e3b769bdb7ba4694ac54ac.tar.gz
openbsd-14d656a779934e3522e3b769bdb7ba4694ac54ac.tar.bz2
openbsd-14d656a779934e3522e3b769bdb7ba4694ac54ac.zip
1 files changed, 11 insertions, 10 deletions
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index f0f99931eb..18eb8b86c4 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.53 2024/03/25 03:57:13 tb Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.54 2024/03/25 04:03:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 1999.
 */
@@ -71,9 +71,9 @@
 static int
 obj_trust(int id, const X509 *x)
 {
+        const X509_CERT_AUX *aux;
        ASN1_OBJECT *obj;
        int i, nid;
-        const X509_CERT_AUX *aux;
        if ((aux = x->aux) == NULL)
                return X509_TRUST_UNTRUSTED;
@@ -99,28 +99,29 @@ static int
 trust_compat(int nid, const X509 *x)
 {
        /* Extensions already cached in X509_check_trust(). */
-        if (x->ex_flags & EXFLAG_SS)
+        if ((x->ex_flags & EXFLAG_SS) != 0)
                return X509_TRUST_TRUSTED;
-        else
-                return X509_TRUST_UNTRUSTED;
+        return X509_TRUST_UNTRUSTED;
 }
 static int
 trust_1oidany(int nid, const X509 *x)
 {
-        if (x->aux && (x->aux->trust || x->aux->reject))
+        /* Inspect the certificate's trust settings if there are any. */
+        if (x->aux != NULL && (x->aux->trust != NULL || x->aux->reject != NULL))
                return obj_trust(nid, x);
-        /* we don't have any trust settings: for compatibility
-         * we return trusted if it is self signed
+        /* For compatibility we return trusted if the cert is self signed. */
-         */
        return trust_compat(NID_undef, x);
 }
 static int
 trust_1oid(int nid, const X509 *x)
 {
-        if (x->aux)
+        if (x->aux != NULL)
                return obj_trust(nid, x);
        return X509_TRUST_UNTRUSTED;
 }
author	tb <>	2024-03-25 04:03:26 +0000
committer	tb <>	2024-03-25 04:03:26 +0000
commit	14d656a779934e3522e3b769bdb7ba4694ac54ac (patch)
tree	9820cf5fdde23bdfc88e4cc97891298994c61b87
parent	25f98fdba90cdf11d4f236efa8bebbe491a4a276 (diff)
download	openbsd-14d656a779934e3522e3b769bdb7ba4694ac54ac.tar.gz openbsd-14d656a779934e3522e3b769bdb7ba4694ac54ac.tar.bz2 openbsd-14d656a779934e3522e3b769bdb7ba4694ac54ac.zip

diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c index f0f99931eb..18eb8b86c4 100644 --- a/src/lib/libcrypto/x509/x509_trs.c +++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_trs.c,v 1.53 2024/03/25 03:57:13 tb Exp $ */	1	/* $OpenBSD: x509_trs.c,v 1.54 2024/03/25 04:03:26 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 1999.	3	* project 1999.
4	*/	4	*/
@@ -71,9 +71,9 @@
71	static int	71	static int
72	obj_trust(int id, const X509 *x)	72	obj_trust(int id, const X509 *x)
73	{	73	{
		74	const X509_CERT_AUX *aux;
74	ASN1_OBJECT *obj;	75	ASN1_OBJECT *obj;
75	int i, nid;	76	int i, nid;
76	const X509_CERT_AUX *aux;
77		77
78	if ((aux = x->aux) == NULL)	78	if ((aux = x->aux) == NULL)
79	return X509_TRUST_UNTRUSTED;	79	return X509_TRUST_UNTRUSTED;
@@ -99,28 +99,29 @@ static int
99	trust_compat(int nid, const X509 *x)	99	trust_compat(int nid, const X509 *x)
100	{	100	{
101	/* Extensions already cached in X509_check_trust(). */	101	/* Extensions already cached in X509_check_trust(). */
102	if (x->ex_flags & EXFLAG_SS)	102	if ((x->ex_flags & EXFLAG_SS) != 0)
103	return X509_TRUST_TRUSTED;	103	return X509_TRUST_TRUSTED;
104	else	104
105	return X509_TRUST_UNTRUSTED;	105	return X509_TRUST_UNTRUSTED;
106	}	106	}
107		107
108	static int	108	static int
109	trust_1oidany(int nid, const X509 *x)	109	trust_1oidany(int nid, const X509 *x)
110	{	110	{
111	if (x->aux && (x->aux->trust \|\| x->aux->reject))	111	/* Inspect the certificate's trust settings if there are any. */
		112	if (x->aux != NULL && (x->aux->trust != NULL \|\| x->aux->reject != NULL))
112	return obj_trust(nid, x);	113	return obj_trust(nid, x);
113	/* we don't have any trust settings: for compatibility	114
114	* we return trusted if it is self signed	115	/* For compatibility we return trusted if the cert is self signed. */
115	*/
116	return trust_compat(NID_undef, x);	116	return trust_compat(NID_undef, x);
117	}	117	}
118		118
119	static int	119	static int
120	trust_1oid(int nid, const X509 *x)	120	trust_1oid(int nid, const X509 *x)
121	{	121	{
122	if (x->aux)	122	if (x->aux != NULL)
123	return obj_trust(nid, x);	123	return obj_trust(nid, x);
		124
124	return X509_TRUST_UNTRUSTED;	125	return X509_TRUST_UNTRUSTED;
125	}	126	}
126		127