diff options
| author | jsing <> | 2017-01-07 13:49:07 +0000 |
|---|---|---|
| committer | jsing <> | 2017-01-07 13:49:07 +0000 |
| commit | d8b3f04598b19d1443d28946c9c8dfb007db4700 (patch) | |
| tree | f2085405a6211d9828d5d0a132f8c7690f4ff733 /src | |
| parent | cb094ffdfb8c78ec0a740faf2c57d4a2cb6d9423 (diff) | |
| download | openbsd-d8b3f04598b19d1443d28946c9c8dfb007db4700.tar.gz openbsd-d8b3f04598b19d1443d28946c9c8dfb007db4700.tar.bz2 openbsd-d8b3f04598b19d1443d28946c9c8dfb007db4700.zip | |
Add and remove some blank lines, in order to make X509_verify_cert()
(slightly) more readable.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_vfy.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index df1966e32b..a2247bcc5b 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_vfy.c,v 1.55 2017/01/07 06:45:24 jsing Exp $ */ | 1 | /* $OpenBSD: x509_vfy.c,v 1.56 2017/01/07 13:49:07 jsing Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -226,6 +226,7 @@ X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 226 | int num, j, retry, trust; | 226 | int num, j, retry, trust; |
| 227 | int (*cb) (int xok, X509_STORE_CTX *xctx); | 227 | int (*cb) (int xok, X509_STORE_CTX *xctx); |
| 228 | STACK_OF(X509) *sktmp = NULL; | 228 | STACK_OF(X509) *sktmp = NULL; |
| 229 | |||
| 229 | if (ctx->cert == NULL) { | 230 | if (ctx->cert == NULL) { |
| 230 | X509err(X509_F_X509_VERIFY_CERT, | 231 | X509err(X509_F_X509_VERIFY_CERT, |
| 231 | X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); | 232 | X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); |
| @@ -506,26 +507,21 @@ X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 506 | 507 | ||
| 507 | /* We have the chain complete: now we need to check its purpose */ | 508 | /* We have the chain complete: now we need to check its purpose */ |
| 508 | ok = check_chain_extensions(ctx); | 509 | ok = check_chain_extensions(ctx); |
| 509 | |||
| 510 | if (!ok) | 510 | if (!ok) |
| 511 | goto end; | 511 | goto end; |
| 512 | 512 | ||
| 513 | /* Check name constraints */ | 513 | /* Check name constraints */ |
| 514 | |||
| 515 | ok = check_name_constraints(ctx); | 514 | ok = check_name_constraints(ctx); |
| 516 | |||
| 517 | if (!ok) | 515 | if (!ok) |
| 518 | goto end; | 516 | goto end; |
| 519 | 517 | ||
| 520 | ok = check_id(ctx); | 518 | ok = check_id(ctx); |
| 521 | |||
| 522 | if (!ok) | 519 | if (!ok) |
| 523 | goto end; | 520 | goto end; |
| 524 | /* | 521 | /* |
| 525 | * Check revocation status: we do this after copying parameters because | 522 | * Check revocation status: we do this after copying parameters because |
| 526 | * they may be needed for CRL signature verification. | 523 | * they may be needed for CRL signature verification. |
| 527 | */ | 524 | */ |
| 528 | |||
| 529 | ok = ctx->check_revocation(ctx); | 525 | ok = ctx->check_revocation(ctx); |
| 530 | if (!ok) | 526 | if (!ok) |
| 531 | goto end; | 527 | goto end; |
| @@ -537,9 +533,11 @@ X509_verify_cert(X509_STORE_CTX *ctx) | |||
| 537 | ok = internal_verify(ctx); | 533 | ok = internal_verify(ctx); |
| 538 | if (!ok) | 534 | if (!ok) |
| 539 | goto end; | 535 | goto end; |
| 536 | |||
| 540 | /* If we get this far evaluate policies */ | 537 | /* If we get this far evaluate policies */ |
| 541 | if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) | 538 | if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) |
| 542 | ok = ctx->check_policy(ctx); | 539 | ok = ctx->check_policy(ctx); |
| 540 | |||
| 543 | end: | 541 | end: |
| 544 | if (sktmp != NULL) | 542 | if (sktmp != NULL) |
| 545 | sk_X509_free(sktmp); | 543 | sk_X509_free(sktmp); |