1 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 9b823fddbd..50308487aa 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -972,7 +972,7 @@ int ssl3_get_server_certificate(SSL *s)
                }
        i=ssl_verify_cert_chain(s,sk);
-        if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
+        if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
 #ifndef OPENSSL_NO_KRB5
                && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
                != (SSL_aKRB5|SSL_kKRB5)
@@ -1006,7 +1006,7 @@ int ssl3_get_server_certificate(SSL *s)
                         == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
 #ifdef KSSL_DEBUG
-        printf("pkey,x = %p, %p\n", pkey,x);
+        printf("pkey,x = %p, %p\n", (void *)pkey,(void *)x);
        printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
        printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
                s->s3->tmp.new_cipher->algorithms, need_cert);
@@ -1459,7 +1459,7 @@ int ssl3_get_key_exchange(SSL *s)
                        EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
                        EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
                        EVP_VerifyUpdate(&md_ctx,param,param_len);
-                        if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
+                        if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
                                {
                                /* bad signature */
                                al=SSL_AD_DECRYPT_ERROR;
@@ -1477,7 +1477,7 @@ int ssl3_get_key_exchange(SSL *s)
                        EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
                        EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
                        EVP_VerifyUpdate(&md_ctx,param,param_len);
-                        if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
+                        if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
                                {
                                /* bad signature */
                                al=SSL_AD_DECRYPT_ERROR;
@@ -1777,7 +1777,7 @@ int ssl3_get_cert_status(SSL *s)
                goto f_err;
                }
        n2l3(p, resplen);
-        if (resplen + 4 != n)
+        if (resplen + 4 != (unsigned long)n)
                {
                al = SSL_AD_DECODE_ERROR;
                SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 9b823fddbd..50308487aa 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -972,7 +972,7 @@ int ssl3_get_server_certificate(SSL *s)
972	}	972	}
973		973
974	i=ssl_verify_cert_chain(s,sk);	974	i=ssl_verify_cert_chain(s,sk);
975	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)	975	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
976	#ifndef OPENSSL_NO_KRB5	976	#ifndef OPENSSL_NO_KRB5
977	&& (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK\|SSL_AUTH_MASK))	977	&& (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK\|SSL_AUTH_MASK))
978	!= (SSL_aKRB5\|SSL_kKRB5)	978	!= (SSL_aKRB5\|SSL_kKRB5)
@@ -1006,7 +1006,7 @@ int ssl3_get_server_certificate(SSL *s)
1006	== (SSL_aKRB5\|SSL_kKRB5))? 0: 1;	1006	== (SSL_aKRB5\|SSL_kKRB5))? 0: 1;
1007		1007
1008	#ifdef KSSL_DEBUG	1008	#ifdef KSSL_DEBUG
1009	printf("pkey,x = %p, %p\n", pkey,x);	1009	printf("pkey,x = %p, %p\n", (void )pkey,(void )x);
1010	printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));	1010	printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
1011	printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,	1011	printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
1012	s->s3->tmp.new_cipher->algorithms, need_cert);	1012	s->s3->tmp.new_cipher->algorithms, need_cert);
@@ -1459,7 +1459,7 @@ int ssl3_get_key_exchange(SSL *s)
1459	EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);	1459	EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1460	EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);	1460	EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1461	EVP_VerifyUpdate(&md_ctx,param,param_len);	1461	EVP_VerifyUpdate(&md_ctx,param,param_len);
1462	if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))	1462	if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
1463	{	1463	{
1464	/* bad signature */	1464	/* bad signature */
1465	al=SSL_AD_DECRYPT_ERROR;	1465	al=SSL_AD_DECRYPT_ERROR;
@@ -1477,7 +1477,7 @@ int ssl3_get_key_exchange(SSL *s)
1477	EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);	1477	EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
1478	EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);	1478	EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
1479	EVP_VerifyUpdate(&md_ctx,param,param_len);	1479	EVP_VerifyUpdate(&md_ctx,param,param_len);
1480	if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))	1480	if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
1481	{	1481	{
1482	/* bad signature */	1482	/* bad signature */
1483	al=SSL_AD_DECRYPT_ERROR;	1483	al=SSL_AD_DECRYPT_ERROR;
@@ -1777,7 +1777,7 @@ int ssl3_get_cert_status(SSL *s)
1777	goto f_err;	1777	goto f_err;
1778	}	1778	}
1779	n2l3(p, resplen);	1779	n2l3(p, resplen);
1780	if (resplen + 4 != n)	1780	if (resplen + 4 != (unsigned long)n)
1781	{	1781	{
1782	al = SSL_AD_DECODE_ERROR;	1782	al = SSL_AD_DECODE_ERROR;
1783	SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);	1783	SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);