summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authortb <>2022-01-05 17:43:04 +0000
committertb <>2022-01-05 17:43:04 +0000
commitf05deefcdfbc639504bc41d1d2e6d500f847ab5e (patch)
tree23437bb3e40d2a70bb0c7ab8c4c053f716555e05 /src/lib
parenta9a475a5b32b3cedcb67f102218951f52d6e928a (diff)
downloadopenbsd-f05deefcdfbc639504bc41d1d2e6d500f847ab5e.tar.gz
openbsd-f05deefcdfbc639504bc41d1d2e6d500f847ab5e.tar.bz2
openbsd-f05deefcdfbc639504bc41d1d2e6d500f847ab5e.zip
Call x a cert for readability.
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libcrypto/x509/x509_addr.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index 71f32f878c..acf1321c93 100644
--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_addr.c,v 1.66 2022/01/05 17:41:41 tb Exp $ */ 1/* $OpenBSD: x509_addr.c,v 1.67 2022/01/05 17:43:04 tb Exp $ */
2/* 2/*
3 * Contributed to the OpenSSL Project by the American Registry for 3 * Contributed to the OpenSSL Project by the American Registry for
4 * Internet Numbers ("ARIN"). 4 * Internet Numbers ("ARIN").
@@ -1747,7 +1747,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1747 IPAddrBlocks *child = NULL, *parent = NULL; 1747 IPAddrBlocks *child = NULL, *parent = NULL;
1748 IPAddressFamily *fc, *fp; 1748 IPAddressFamily *fc, *fp;
1749 IPAddressOrRanges *aorc, *aorp; 1749 IPAddressOrRanges *aorc, *aorp;
1750 X509 *x = NULL; 1750 X509 *cert = NULL;
1751 int depth = -1; 1751 int depth = -1;
1752 int i, k; 1752 int i, k;
1753 unsigned int length; 1753 unsigned int length;
@@ -1770,13 +1770,13 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1770 */ 1770 */
1771 if (ext == NULL) { 1771 if (ext == NULL) {
1772 depth = 0; 1772 depth = 0;
1773 x = sk_X509_value(chain, depth); 1773 cert = sk_X509_value(chain, depth);
1774 if ((ext = x->rfc3779_addr) == NULL) 1774 if ((ext = cert->rfc3779_addr) == NULL)
1775 goto done; 1775 goto done;
1776 } 1776 }
1777 1777
1778 if (!X509v3_addr_is_canonical(ext)) { 1778 if (!X509v3_addr_is_canonical(ext)) {
1779 if ((ret = verify_error(ctx, x, 1779 if ((ret = verify_error(ctx, cert,
1780 X509_V_ERR_INVALID_EXTENSION, depth)) == 0) 1780 X509_V_ERR_INVALID_EXTENSION, depth)) == 0)
1781 goto done; 1781 goto done;
1782 } 1782 }
@@ -1795,16 +1795,16 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1795 * doesn't list. 1795 * doesn't list.
1796 */ 1796 */
1797 for (depth++; depth < sk_X509_num(chain); depth++) { 1797 for (depth++; depth < sk_X509_num(chain); depth++) {
1798 x = sk_X509_value(chain, depth); 1798 cert = sk_X509_value(chain, depth);
1799 1799
1800 if ((parent = x->rfc3779_addr) == NULL) { 1800 if ((parent = cert->rfc3779_addr) == NULL) {
1801 for (i = 0; i < sk_IPAddressFamily_num(child); i++) { 1801 for (i = 0; i < sk_IPAddressFamily_num(child); i++) {
1802 fc = sk_IPAddressFamily_value(child, i); 1802 fc = sk_IPAddressFamily_value(child, i);
1803 1803
1804 if (IPAddressFamily_inheritance(fc) != NULL) 1804 if (IPAddressFamily_inheritance(fc) != NULL)
1805 continue; 1805 continue;
1806 1806
1807 if ((ret = verify_error(ctx, x, 1807 if ((ret = verify_error(ctx, cert,
1808 X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) 1808 X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0)
1809 goto done; 1809 goto done;
1810 break; 1810 break;
@@ -1813,7 +1813,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1813 } 1813 }
1814 1814
1815 if (!X509v3_addr_is_canonical(parent)) { 1815 if (!X509v3_addr_is_canonical(parent)) {
1816 if ((ret = verify_error(ctx, x, 1816 if ((ret = verify_error(ctx, cert,
1817 X509_V_ERR_INVALID_EXTENSION, depth)) == 0) 1817 X509_V_ERR_INVALID_EXTENSION, depth)) == 0)
1818 goto done; 1818 goto done;
1819 } 1819 }
@@ -1841,7 +1841,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1841 continue; 1841 continue;
1842 1842
1843 /* Otherwise the child isn't covered. */ 1843 /* Otherwise the child isn't covered. */
1844 if ((ret = verify_error(ctx, x, 1844 if ((ret = verify_error(ctx, cert,
1845 X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) 1845 X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0)
1846 goto done; 1846 goto done;
1847 break; 1847 break;
@@ -1877,7 +1877,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1877 continue; 1877 continue;
1878 } 1878 }
1879 1879
1880 if ((ret = verify_error(ctx, x, 1880 if ((ret = verify_error(ctx, cert,
1881 X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) 1881 X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0)
1882 goto done; 1882 goto done;
1883 } 1883 }
@@ -1886,7 +1886,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1886 /* 1886 /*
1887 * Trust anchor can't inherit. 1887 * Trust anchor can't inherit.
1888 */ 1888 */
1889 if ((parent = x->rfc3779_addr) != NULL) { 1889 if ((parent = cert->rfc3779_addr) != NULL) {
1890 for (i = 0; i < sk_IPAddressFamily_num(parent); i++) { 1890 for (i = 0; i < sk_IPAddressFamily_num(parent); i++) {
1891 fp = sk_IPAddressFamily_value(parent, i); 1891 fp = sk_IPAddressFamily_value(parent, i);
1892 1892
@@ -1896,7 +1896,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1896 if (sk_IPAddressFamily_find(child, fp) < 0) 1896 if (sk_IPAddressFamily_find(child, fp) < 0)
1897 continue; 1897 continue;
1898 1898
1899 if ((ret = verify_error(ctx, x, 1899 if ((ret = verify_error(ctx, cert,
1900 X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) 1900 X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0)
1901 goto done; 1901 goto done;
1902 } 1902 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 00:49:06 +0000