Revert previous - the original code was correct since X509_verify_cert() - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2017-01-03 17:13:41 +0000
committer	jsing <>	2017-01-03 17:13:41 +0000
commit	6070037b9b7f8d391060efcb8e1123ff682da427 (patch)
tree	5a3e601f0663f578d8b7766ab16ca3035c1e5b14 /src/lib/libcrypto/dsa/dsa_lib.c
parent	5da7b92521d672c4c9ed6738c3b4f70f6da48894 (diff)
download	openbsd-6070037b9b7f8d391060efcb8e1123ff682da427.tar.gz openbsd-6070037b9b7f8d391060efcb8e1123ff682da427.tar.bz2 openbsd-6070037b9b7f8d391060efcb8e1123ff682da427.zip

Revert previous - the original code was correct since X509_verify_cert()

should not have changed the X509_STORE_CTX error value on success and it was initialised to X509_V_OK by X509_STORE_CTX_init(). Other software also depends on this behaviour. Previously X509_verify_cert() was mishandling the X509_STORE_CTX error value when validating alternate chains. This has been fixed and further changes now explicitly ensure that the error value will be set to X509_V_OK if X509_verify_cert() returns success.

Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: