summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ocsp/ocsp_vfy.c
diff options
context:
space:
mode:
authorjsing <>2014-05-18 11:28:41 +0000
committerjsing <>2014-05-18 11:28:41 +0000
commitde4eef43c08fef5fd844116a63ef0e4e61d63f34 (patch)
tree73b1744a184fd1987676d03b6f2ec63ada8a7410 /src/lib/libcrypto/ocsp/ocsp_vfy.c
parent05c55ad5106a239e704f8766f942bc882bfeb6ae (diff)
downloadopenbsd-de4eef43c08fef5fd844116a63ef0e4e61d63f34.tar.gz
openbsd-de4eef43c08fef5fd844116a63ef0e4e61d63f34.tar.bz2
openbsd-de4eef43c08fef5fd844116a63ef0e4e61d63f34.zip
More KNF.
Diffstat (limited to 'src/lib/libcrypto/ocsp/ocsp_vfy.c')
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_vfy.c24
1 files changed, 12 insertions, 12 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index aede155871..5d8b2eebcf 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -61,17 +61,17 @@
61#include <string.h> 61#include <string.h>
62 62
63static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, 63static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
64 STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); 64 STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags);
65static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); 65static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
66static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, 66static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
67 unsigned long flags); 67 unsigned long flags);
68static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); 68static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);
69static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, 69static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
70 STACK_OF(OCSP_SINGLERESP) *sresp); 70 STACK_OF(OCSP_SINGLERESP) *sresp);
71static int ocsp_check_delegated(X509 *x, int flags); 71static int ocsp_check_delegated(X509 *x, int flags);
72static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, 72static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
73 X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st, 73 X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st,
74 unsigned long flags); 74 unsigned long flags);
75 75
76/* Verify a basic response message */ 76/* Verify a basic response message */
77int 77int
@@ -108,14 +108,14 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
108 if (!(flags & OCSP_NOVERIFY)) { 108 if (!(flags & OCSP_NOVERIFY)) {
109 int init_res; 109 int init_res;
110 110
111 if(flags & OCSP_NOCHAIN) 111 if (flags & OCSP_NOCHAIN)
112 init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); 112 init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
113 else 113 else
114 init_res = X509_STORE_CTX_init(&ctx, st, signer, 114 init_res = X509_STORE_CTX_init(&ctx, st, signer,
115 bs->certs); 115 bs->certs);
116 if (!init_res) { 116 if (!init_res) {
117 ret = -1; 117 ret = -1;
118 OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); 118 OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
119 goto end; 119 goto end;
120 } 120 }
121 121
@@ -131,7 +131,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
131 X509_verify_cert_error_string(i)); 131 X509_verify_cert_error_string(i));
132 goto end; 132 goto end;
133 } 133 }
134 if(flags & OCSP_NOCHECKS) { 134 if (flags & OCSP_NOCHECKS) {
135 ret = 1; 135 ret = 1;
136 goto end; 136 goto end;
137 } 137 }
@@ -152,7 +152,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
152 152
153 x = sk_X509_value(chain, sk_X509_num(chain) - 1); 153 x = sk_X509_value(chain, sk_X509_num(chain) - 1);
154 if (X509_check_trust(x, NID_OCSP_sign, 0) != 154 if (X509_check_trust(x, NID_OCSP_sign, 0) !=
155 X509_TRUST_TRUSTED) { 155 X509_TRUST_TRUSTED) {
156 OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, 156 OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
157 OCSP_R_ROOT_CA_NOT_TRUSTED); 157 OCSP_R_ROOT_CA_NOT_TRUSTED);
158 goto end; 158 goto end;
@@ -411,7 +411,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
411 init_res = X509_STORE_CTX_init(&ctx, store, signer, 411 init_res = X509_STORE_CTX_init(&ctx, store, signer,
412 req->optionalSignature->certs); 412 req->optionalSignature->certs);
413 if (!init_res) { 413 if (!init_res) {
414 OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB); 414 OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
415 return 0; 415 return 0;
416 } 416 }
417 417
@@ -420,7 +420,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
420 ret = X509_verify_cert(&ctx); 420 ret = X509_verify_cert(&ctx);
421 X509_STORE_CTX_cleanup(&ctx); 421 X509_STORE_CTX_cleanup(&ctx);
422 if (ret <= 0) { 422 if (ret <= 0) {
423 ret = X509_STORE_CTX_get_error(&ctx); 423 ret = X509_STORE_CTX_get_error(&ctx);
424 OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, 424 OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
425 OCSP_R_CERTIFICATE_VERIFY_ERROR); 425 OCSP_R_CERTIFICATE_VERIFY_ERROR);
426 ERR_asprintf_error_data("Verify error:%s", 426 ERR_asprintf_error_data("Verify error:%s",
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-04 11:18:29 +0000