| author | beck <> | 2017-01-21 01:07:25 +0000 | 
|---|---|---|
| committer | beck <> | 2017-01-21 01:07:25 +0000 | 
| commit | ba0fcad847ab1c8a18e417694f580450cb73ce38 (patch) | |
| tree | 04554fd62540310b705a26a3821f75cdf3ce32a4 /src/lib/libc | |
| parent | ff6fa3ffece7ca61b2a5e2a66b4920c710d4e36b (diff) | |
Make return value of X509_verify_cert be consistent with the error code,
with the caveat that we force V_OK when a user provided callback has
us returning success.
ok inoguchi@ jsing@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 12 | 
1 files changed, 10 insertions, 2 deletions
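--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.57 2017/01/20 00:37:40 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.58 2017/01/21 01:07:25 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -546,7 +546,15 @@ X509_verify_cert(X509_STORE_CTX *ctx)
 /* Safety net, error returns must set ctx->error */
 if (ok <= 0 && ctx->error == X509_V_OK)
 ctx->error = X509_V_ERR_UNSPECIFIED;
-return ok;
+
+/*
+* Safety net, if user provided verify callback indicates sucess
+* make sure they have set error to X509_V_OK
+*/
+if (ctx->verify_cb != null_callback && ok == 1)
+ctx->error = X509_V_OK;
+
+return(ctx->error == X509_V_OK);
 }
 
 /* Given a STACK_OF(X509) find the issuer of cert (if any)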
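Review bot: The second safety net at `if (ctx->verify_cb != null_callback && ok == 1)` tests only that a callback is installed, not that it actually overrode a failure, so for any application with its own verify_cb (even a pass-through one that only logs) a leftover non-OK ctx->error is cleared and the new fail-closed return never triggers. It would help to say so in the comment, e.g. `/* NB: clears ctx->error for any installed verify_cb when ok == 1; the overridden error is no longer visible to the caller */`, since code that reads the error after a successful return for logging will now see X509_V_OK. The return is also normalised to 0 or 1 by `return(ctx->error == X509_V_OK);`, so if earlier paths in X509_verify_cert can produce a negative ok (the body starts outside this hunk, so this is inferred from the `ok <= 0` test), callers that distinguish `< 0` from `0` lose that signal, which is worth stating in the function's documentation.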
