X509_verify_cert()'s return value is not reliable if the callback - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tb <>	2020-11-03 18:39:18 +0000
committer	tb <>	2020-11-03 18:39:18 +0000
commit	4ebbe06a79dad3a34884066e8d8c340469b2289b (patch)
tree	a9877c8f0cd29877499cf4db676b5a630497e9f0 /src/lib
parent	d2716adb9f74470eeeb4b1db41704858437fb598 (diff)
download	openbsd-4ebbe06a79dad3a34884066e8d8c340469b2289b.tar.gz openbsd-4ebbe06a79dad3a34884066e8d8c340469b2289b.tar.bz2 openbsd-4ebbe06a79dad3a34884066e8d8c340469b2289b.zip

X509_verify_cert()'s return value is not reliable if the callback

returns 1. verify.c's cb() ignores a bunch of things to display as much info as possible. Thus, check the error code on the store ctx as well, similar to OpenSSL commit d9e309a6 (old licence). This makes openssl verify error on expired certs, at least with the legacy verify code. While here, fix a number of style issues, simplify and plug a leak. ok inoguchi

Diffstat (limited to 'src/lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: