catch unset error when validation fails.

author: beck <> 2020-10-26 12:11:47 +0000
committer: beck <> 2020-10-26 12:11:47 +0000
commit: 0ca4c9d221f1ab6d66099fa5e1803a24c8b3331a (patch)
tree: 6cc1bd5a85badfe429dad96db2e0eb31f0288322 /src/regress/lib
parent: 7df3dd01de26ca0cd2d9564f78d3beea427d540a (diff)
download: openbsd-0ca4c9d221f1ab6d66099fa5e1803a24c8b3331a.tar.gz
openbsd-0ca4c9d221f1ab6d66099fa5e1803a24c8b3331a.tar.bz2
openbsd-0ca4c9d221f1ab6d66099fa5e1803a24c8b3331a.zip
2 files changed, 16 insertions, 2 deletions
diff --git a/src/regress/lib/libcrypto/x509/bettertls/verify.c b/src/regress/lib/libcrypto/x509/bettertls/verify.c
index df4b567d9c..e1d97d42ef 100644
--- a/src/regress/lib/libcrypto/x509/bettertls/verify.c
+++ b/src/regress/lib/libcrypto/x509/bettertls/verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: verify.c,v 1.8 2020/10/10 10:19:45 tb Exp $ */
+/* $OpenBSD: verify.c,v 1.9 2020/10/26 12:11:47 beck Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -107,6 +107,7 @@ verify_cert(X509_STORE *store, const char *roots_file, const char *bundle_file,
        X509_VERIFY_PARAM *param, *paramip;
        X509 *leaf = NULL;
        unsigned long flags, flagsip;
+        int verify_err;
        *ip = *dns = 0;
@@ -145,6 +146,11 @@ verify_cert(X509_STORE *store, const char *roots_file, const char *bundle_file,
        if (X509_verify_cert(xsc) == 1)
                *dns = 1;
+        verify_err = X509_STORE_CTX_get_error(xsc);
+        if (verify_err == X509_V_OK && *dns == 0) {
+                fprintf(stderr, "X509_V_OK on failure!\n");
+                *dns = 1;
+        }
        if ((xscip = X509_STORE_CTX_new()) == NULL)
                errx(1, "X509_STORE_CTX");
@@ -170,6 +176,11 @@ verify_cert(X509_STORE *store, const char *roots_file, const char *bundle_file,
        if (X509_verify_cert(xscip) == 1)
                *ip = 1;
+        verify_err = X509_STORE_CTX_get_error(xscip);
+        if (verify_err == X509_V_OK && *ip == 0) {
+                fprintf(stderr, "X509_V_OK on failure!\n");
+                *ip = 1;
+        }
        sk_X509_pop_free(roots, X509_free);
        sk_X509_pop_free(bundle, X509_free);
diff --git a/src/regress/lib/libcrypto/x509/verify.c b/src/regress/lib/libcrypto/x509/verify.c
index f3e883b8ac..added3bd9f 100644
--- a/src/regress/lib/libcrypto/x509/verify.c
+++ b/src/regress/lib/libcrypto/x509/verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: verify.c,v 1.3 2020/09/18 14:58:04 tb Exp $ */
+/* $OpenBSD: verify.c,v 1.4 2020/10/26 12:11:47 beck Exp $ */
 /*
 * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -144,6 +144,9 @@ verify_cert(const char *roots_file, const char *bundle_file, int *chains,
        }
        verify_err = X509_STORE_CTX_get_error(xsc);
+        if (verify_err == 0)
+                errx(1, "Error unset on failure!\n");
        fprintf(stderr, "failed to verify at %d: %s\n",
            X509_STORE_CTX_get_error_depth(xsc),
            X509_verify_cert_error_string(verify_err));
author	beck <>	2020-10-26 12:11:47 +0000
committer	beck <>	2020-10-26 12:11:47 +0000
commit	0ca4c9d221f1ab6d66099fa5e1803a24c8b3331a (patch)
tree	6cc1bd5a85badfe429dad96db2e0eb31f0288322 /src/regress/lib
parent	7df3dd01de26ca0cd2d9564f78d3beea427d540a (diff)
download	openbsd-0ca4c9d221f1ab6d66099fa5e1803a24c8b3331a.tar.gz openbsd-0ca4c9d221f1ab6d66099fa5e1803a24c8b3331a.tar.bz2 openbsd-0ca4c9d221f1ab6d66099fa5e1803a24c8b3331a.zip