diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2017-01-07 06:45:25 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2017-01-07 06:45:25 +0000 |
commit | 365d9e87f923071903fc7100a366d66777c419a5 (patch) | |
tree | 107775bfa84b12102429d0308e7c903a9870459b | |
parent | 54370d4d67a203db5ad60e634974b13512eaf289 (diff) |
Revert part of r1.54 as there are at least two situations where we are still
returning ok == 1, with ctx->error not being X509_V_OK. Hopefully we can
restore this behaviour once these are ironed out.
Discussed with beck@
-rw-r--r-- | lib/libcrypto/x509/x509_vfy.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c index f5559415875..df1966e32b7 100644 --- a/lib/libcrypto/x509/x509_vfy.c +++ b/lib/libcrypto/x509/x509_vfy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_vfy.c,v 1.54 2017/01/03 05:52:28 beck Exp $ */ +/* $OpenBSD: x509_vfy.c,v 1.55 2017/01/07 06:45:24 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -548,9 +548,7 @@ X509_verify_cert(X509_STORE_CTX *ctx) /* Safety net, error returns must set ctx->error */ if (ok <= 0 && ctx->error == X509_V_OK) ctx->error = X509_V_ERR_UNSPECIFIED; - - /* Ensure we only return success with ctx->error of X509_V_OK */ - return (ctx->error == X509_V_OK); + return ok; } /* Given a STACK_OF(X509) find the issuer of cert (if any) |