Revert part of r1.54 as there are at least two situations where we are still

returning ok == 1, with ctx->error not being X509_V_OK. Hopefully we can restore this behaviour once these are ironed out. Discussed with beck@
author: jsing <> 2017-01-07 06:45:24 +0000
committer: jsing <> 2017-01-07 06:45:24 +0000
commit: ba862c0cbda35451bd95b10a85c4f0eba1c956f9 (patch)
tree: d6c995fa61bbe0e1f6369c18737776365728fcf3 /src
parent: 712ad2e7fe88533fba2bc7cd80a3ec398a4d3937 (diff)
download: openbsd-ba862c0cbda35451bd95b10a85c4f0eba1c956f9.tar.gz
openbsd-ba862c0cbda35451bd95b10a85c4f0eba1c956f9.tar.bz2
openbsd-ba862c0cbda35451bd95b10a85c4f0eba1c956f9.zip
1 files changed, 2 insertions, 4 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index f555941587..df1966e32b 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.54 2017/01/03 05:52:28 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.55 2017/01/07 06:45:24 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -548,9 +548,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
        /* Safety net, error returns must set ctx->error */
        if (ok <= 0 && ctx->error == X509_V_OK)
                ctx->error = X509_V_ERR_UNSPECIFIED;
+        return ok;
-        /* Ensure we only return success with ctx->error of X509_V_OK */
-        return (ctx->error == X509_V_OK);
 }
 /* Given a STACK_OF(X509) find the issuer of cert (if any)
author	jsing <>	2017-01-07 06:45:24 +0000
committer	jsing <>	2017-01-07 06:45:24 +0000
commit	ba862c0cbda35451bd95b10a85c4f0eba1c956f9 (patch)
tree	d6c995fa61bbe0e1f6369c18737776365728fcf3 /src
parent	712ad2e7fe88533fba2bc7cd80a3ec398a4d3937 (diff)
download	openbsd-ba862c0cbda35451bd95b10a85c4f0eba1c956f9.tar.gz openbsd-ba862c0cbda35451bd95b10a85c4f0eba1c956f9.tar.bz2 openbsd-ba862c0cbda35451bd95b10a85c4f0eba1c956f9.zip

diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index f555941587..df1966e32b 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.c,v 1.54 2017/01/03 05:52:28 beck Exp $ */	1	/* $OpenBSD: x509_vfy.c,v 1.55 2017/01/07 06:45:24 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -548,9 +548,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
548	/* Safety net, error returns must set ctx->error */	548	/* Safety net, error returns must set ctx->error */
549	if (ok <= 0 && ctx->error == X509_V_OK)	549	if (ok <= 0 && ctx->error == X509_V_OK)
550	ctx->error = X509_V_ERR_UNSPECIFIED;	550	ctx->error = X509_V_ERR_UNSPECIFIED;
551		551	return ok;
552	/* Ensure we only return success with ctx->error of X509_V_OK */
553	return (ctx->error == X509_V_OK);
554	}	552	}
555		553
556	/* Given a STACK_OF(X509) find the issuer of cert (if any)	554	/* Given a STACK_OF(X509) find the issuer of cert (if any)