authorJoel Sing <jsing@cvs.openbsd.org>2014-06-08 14:51:54 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2014-06-08 14:51:54 +0000
commit0f3c09338c46c4ac734296722b583508ee3d8894 (patch)
treee7983814446140ea931b1f175ded31dcd5f8d6bd
parent7ec2d6c57991eac0e6a542c76a1e66af469dd221 (diff)
No, we will not be building with OPENSSL_NO_X509_VERIFY. Nuke it and
do some other clean up while here. ok deraadt@
-rw-r--r--lib/libssl/ssl_cert.c22
1 files changed, 8 insertions, 14 deletions
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index ce8a6b54e09..a6f01c50895 100644
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -418,9 +418,9 @@ ssl_set_peer_cert_type(SESS_CERT *sc, int type)
int
ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
{
- X509 *x;
- int i;
X509_STORE_CTX ctx;
+ X509 *x;
+ int ret;
if ((sk == NULL) || (sk_X509_num(sk) == 0))
return (0);
@@ -439,7 +439,8 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
*/
X509_STORE_CTX_set_default(&ctx,
- s->server ? "ssl_client" : "ssl_server");
+ s->server ? "ssl_client" : "ssl_server");
+
/* Anything non-default in "param" should overwrite anything in the
* ctx.
*/
@@ -449,21 +450,14 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
if (s->ctx->app_verify_callback != NULL)
- i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
- else {
-#ifndef OPENSSL_NO_X509_VERIFY
- i = X509_verify_cert(&ctx);
-#else
- i = 0;
- ctx.error = X509_V_ERR_APPLICATION_VERIFICATION;
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK);
-#endif
- }
+ ret = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
+ else
+ ret = X509_verify_cert(&ctx);
s->verify_result = ctx.error;
X509_STORE_CTX_cleanup(&ctx);
- return (i);
+ return (ret);
}
static void
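Review bot: The value assigned to `ret` in the `app_verify_callback` / `X509_verify_cert` branch is returned unchanged, and nothing here documents that it is not a plain boolean. X509_verify_cert() can return a negative value on an internal error as well as 0 for a failed verification, and an application callback may do the same, so a caller that tests only `!ret` or `== 0` would accept an errored verification as success. I would add a comment above `ssl_verify_cert_chain` such as `/* Returns 1 if the chain verified; 0 or a negative value is failure, so callers must test <= 0. */` and confirm that the call sites, which are outside this diff, follow it. Separately, `s->verify_result = ctx.error` is only meaningful on the callback path if the application callback sets `ctx.error` on failure; that is presumably the intended contract, but it is worth stating in the same comment. The function body begins outside this hunk.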