summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoel Sing <jsing@cvs.openbsd.org>2017-01-07 06:45:25 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2017-01-07 06:45:25 +0000
commit365d9e87f923071903fc7100a366d66777c419a5 (patch)
tree107775bfa84b12102429d0308e7c903a9870459b
parent54370d4d67a203db5ad60e634974b13512eaf289 (diff)
Revert part of r1.54 as there are at least two situations where we are still
returning ok == 1, with ctx->error not being X509_V_OK. Hopefully we can restore this behaviour once these are ironed out. Discussed with beck@
-rw-r--r--lib/libcrypto/x509/x509_vfy.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/libcrypto/x509/x509_vfy.c b/lib/libcrypto/x509/x509_vfy.c
index f5559415875..df1966e32b7 100644
--- a/lib/libcrypto/x509/x509_vfy.c
+++ b/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.54 2017/01/03 05:52:28 beck Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.55 2017/01/07 06:45:24 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -548,9 +548,7 @@ X509_verify_cert(X509_STORE_CTX *ctx)
/* Safety net, error returns must set ctx->error */
if (ok <= 0 && ctx->error == X509_V_OK)
ctx->error = X509_V_ERR_UNSPECIFIED;
-
- /* Ensure we only return success with ctx->error of X509_V_OK */
- return (ctx->error == X509_V_OK);
+ return ok;
}
/* Given a STACK_OF(X509) find the issuer of cert (if any)