diff options
| author | jsing <> | 2014-06-08 14:51:53 +0000 |
|---|---|---|
| committer | jsing <> | 2014-06-08 14:51:53 +0000 |
| commit | 6edaa113208368ea663f46ef4188ba92cadb51a4 (patch) | |
| tree | b125d79320b20feee2df7072929682719cf4dc97 /src | |
| parent | 0dd57e34be7e25a7d1f09fccc6c9487405424ca5 (diff) | |
| download | openbsd-6edaa113208368ea663f46ef4188ba92cadb51a4.tar.gz openbsd-6edaa113208368ea663f46ef4188ba92cadb51a4.tar.bz2 openbsd-6edaa113208368ea663f46ef4188ba92cadb51a4.zip | |
No, we will not be building with OPENSSL_NO_X509_VERIFY. Nuke it and
do some other clean up while here.
ok deraadt@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl_cert.c | 22 | ||||
| -rw-r--r-- | src/lib/libssl/ssl_cert.c | 22 |
2 files changed, 16 insertions, 28 deletions
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c index ce8a6b54e0..a6f01c5089 100644 --- a/src/lib/libssl/src/ssl/ssl_cert.c +++ b/src/lib/libssl/src/ssl/ssl_cert.c | |||
| @@ -418,9 +418,9 @@ ssl_set_peer_cert_type(SESS_CERT *sc, int type) | |||
| 418 | int | 418 | int |
| 419 | ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) | 419 | ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) |
| 420 | { | 420 | { |
| 421 | X509 *x; | ||
| 422 | int i; | ||
| 423 | X509_STORE_CTX ctx; | 421 | X509_STORE_CTX ctx; |
| 422 | X509 *x; | ||
| 423 | int ret; | ||
| 424 | 424 | ||
| 425 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) | 425 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) |
| 426 | return (0); | 426 | return (0); |
| @@ -439,7 +439,8 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) | |||
| 439 | */ | 439 | */ |
| 440 | 440 | ||
| 441 | X509_STORE_CTX_set_default(&ctx, | 441 | X509_STORE_CTX_set_default(&ctx, |
| 442 | s->server ? "ssl_client" : "ssl_server"); | 442 | s->server ? "ssl_client" : "ssl_server"); |
| 443 | |||
| 443 | /* Anything non-default in "param" should overwrite anything in the | 444 | /* Anything non-default in "param" should overwrite anything in the |
| 444 | * ctx. | 445 | * ctx. |
| 445 | */ | 446 | */ |
| @@ -449,21 +450,14 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) | |||
| 449 | X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); | 450 | X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); |
| 450 | 451 | ||
| 451 | if (s->ctx->app_verify_callback != NULL) | 452 | if (s->ctx->app_verify_callback != NULL) |
| 452 | i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); | 453 | ret = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); |
| 453 | else { | 454 | else |
| 454 | #ifndef OPENSSL_NO_X509_VERIFY | 455 | ret = X509_verify_cert(&ctx); |
| 455 | i = X509_verify_cert(&ctx); | ||
| 456 | #else | ||
| 457 | i = 0; | ||
| 458 | ctx.error = X509_V_ERR_APPLICATION_VERIFICATION; | ||
| 459 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK); | ||
| 460 | #endif | ||
| 461 | } | ||
| 462 | 456 | ||
| 463 | s->verify_result = ctx.error; | 457 | s->verify_result = ctx.error; |
| 464 | X509_STORE_CTX_cleanup(&ctx); | 458 | X509_STORE_CTX_cleanup(&ctx); |
| 465 | 459 | ||
| 466 | return (i); | 460 | return (ret); |
| 467 | } | 461 | } |
| 468 | 462 | ||
| 469 | static void | 463 | static void |
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index ce8a6b54e0..a6f01c5089 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c | |||
| @@ -418,9 +418,9 @@ ssl_set_peer_cert_type(SESS_CERT *sc, int type) | |||
| 418 | int | 418 | int |
| 419 | ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) | 419 | ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) |
| 420 | { | 420 | { |
| 421 | X509 *x; | ||
| 422 | int i; | ||
| 423 | X509_STORE_CTX ctx; | 421 | X509_STORE_CTX ctx; |
| 422 | X509 *x; | ||
| 423 | int ret; | ||
| 424 | 424 | ||
| 425 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) | 425 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) |
| 426 | return (0); | 426 | return (0); |
| @@ -439,7 +439,8 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) | |||
| 439 | */ | 439 | */ |
| 440 | 440 | ||
| 441 | X509_STORE_CTX_set_default(&ctx, | 441 | X509_STORE_CTX_set_default(&ctx, |
| 442 | s->server ? "ssl_client" : "ssl_server"); | 442 | s->server ? "ssl_client" : "ssl_server"); |
| 443 | |||
| 443 | /* Anything non-default in "param" should overwrite anything in the | 444 | /* Anything non-default in "param" should overwrite anything in the |
| 444 | * ctx. | 445 | * ctx. |
| 445 | */ | 446 | */ |
| @@ -449,21 +450,14 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) | |||
| 449 | X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); | 450 | X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); |
| 450 | 451 | ||
| 451 | if (s->ctx->app_verify_callback != NULL) | 452 | if (s->ctx->app_verify_callback != NULL) |
| 452 | i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); | 453 | ret = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); |
| 453 | else { | 454 | else |
| 454 | #ifndef OPENSSL_NO_X509_VERIFY | 455 | ret = X509_verify_cert(&ctx); |
| 455 | i = X509_verify_cert(&ctx); | ||
| 456 | #else | ||
| 457 | i = 0; | ||
| 458 | ctx.error = X509_V_ERR_APPLICATION_VERIFICATION; | ||
| 459 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK); | ||
| 460 | #endif | ||
| 461 | } | ||
| 462 | 456 | ||
| 463 | s->verify_result = ctx.error; | 457 | s->verify_result = ctx.error; |
| 464 | X509_STORE_CTX_cleanup(&ctx); | 458 | X509_STORE_CTX_cleanup(&ctx); |
| 465 | 459 | ||
| 466 | return (i); | 460 | return (ret); |
| 467 | } | 461 | } |
| 468 | 462 | ||
| 469 | static void | 463 | static void |