author | Bob Beck <beck@cvs.openbsd.org> | 2017-01-29 17:49:24 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2017-01-29 17:49:24 +0000 |
commit | c95f3b2c0c39020aafaffd84899a33ece0210769 (patch) | |
tree | 6d6e55f6c8b4047319196f43823ad30170dfe061 /lib/libcrypto/ocsp | |
parent | b8dd3a8e12bfab2c15794994bc5bdc1397125536 (diff) |
Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing
libssl had more reacharounds into this.
ok jsing@ inoguchi@
Diffstat (limited to 'lib/libcrypto/ocsp')
-rw-r--r-- | lib/libcrypto/ocsp/ocsp_cl.c | 29 | ||||
-rw-r--r-- | lib/libcrypto/ocsp/ocsp_err.c | 22 | ||||
-rw-r--r-- | lib/libcrypto/ocsp/ocsp_ht.c | 13 | ||||
-rw-r--r-- | lib/libcrypto/ocsp/ocsp_lib.c | 12 | ||||
-rw-r--r-- | lib/libcrypto/ocsp/ocsp_srv.c | 8 | ||||
-rw-r--r-- | lib/libcrypto/ocsp/ocsp_vfy.c | 46 |
6 files changed, 43 insertions, 87 deletions
diff --git a/lib/libcrypto/ocsp/ocsp_cl.c b/lib/libcrypto/ocsp/ocsp_cl.c
index 6b8fb878804..04ea6866a54 100644
--- a/lib/libcrypto/ocsp/ocsp_cl.c
+++ b/lib/libcrypto/ocsp/ocsp_cl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_cl.c,v 1.13 2016/12/30 15:31:58 jsing Exp $ */
+/* $OpenBSD: ocsp_cl.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project.
 */
@@ -159,8 +159,7 @@ OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key,
 goto err;
 if (key) {
 if (!X509_check_private_key(signer, key)) {
- OCSPerr(OCSP_F_OCSP_REQUEST_SIGN,
- OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
 goto err;
 }
 if (!OCSP_REQUEST_sign(req, key, dgst))
@@ -202,13 +201,11 @@ OCSP_response_get1_basic(OCSP_RESPONSE *resp)
 rb = resp->responseBytes;
 if (!rb) {
- OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC,
- OCSP_R_NO_RESPONSE_DATA);
+ OCSPerror(OCSP_R_NO_RESPONSE_DATA);
 return NULL;
 }
 if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
- OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC,
- OCSP_R_NOT_BASIC_RESPONSE);
+ OCSPerror(OCSP_R_NOT_BASIC_RESPONSE);
 return NULL;
 }
@@ -341,16 +338,14 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
 /* Check thisUpdate is valid and not more than nsec in the future */
 if (ASN1_time_parse(thisupd->data, thisupd->length, &tm_this,
 V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
- OCSP_R_ERROR_IN_THISUPDATE_FIELD);
+ OCSPerror(OCSP_R_ERROR_IN_THISUPDATE_FIELD);
 return 0;
 } else {
 t_tmp = t_now + nsec;
 if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
 return 0;
 if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) > 0) {
- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
- OCSP_R_STATUS_NOT_YET_VALID);
+ OCSPerror(OCSP_R_STATUS_NOT_YET_VALID);
 return 0;
 }
@@ -363,8 +358,7 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
 if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
 return 0;
 if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) < 0) {
- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
- OCSP_R_STATUS_TOO_OLD);
+ OCSPerror(OCSP_R_STATUS_TOO_OLD);
 return 0;
 }
 }
@@ -376,24 +370,21 @@ OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
 /* Check nextUpdate is valid and not more than nsec in the past */
 if (ASN1_time_parse(nextupd->data, nextupd->length, &tm_next,
 V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) {
- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
- OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
+ OCSPerror(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
 return 0;
 } else {
 t_tmp = t_now - nsec;
 if (gmtime_r(&t_tmp, &tm_tmp) == NULL)
 return 0;
 if (ASN1_time_tm_cmp(&tm_next, &tm_tmp) < 0) {
- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
- OCSP_R_STATUS_EXPIRED);
+ OCSPerror(OCSP_R_STATUS_EXPIRED);
 return 0;
 }
 }
 /* Also don't allow nextUpdate to precede thisUpdate */
 if (ASN1_time_tm_cmp(&tm_next, &tm_this) < 0) {
- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
- OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
+ OCSPerror(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
 return 0;
 }
diff --git a/lib/libcrypto/ocsp/ocsp_err.c b/lib/libcrypto/ocsp/ocsp_err.c
index af781074b62..9e3237f6a4c 100644
--- a/lib/libcrypto/ocsp/ocsp_err.c
+++ b/lib/libcrypto/ocsp/ocsp_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_err.c,v 1.7 2014/07/10 22:45:57 jsing Exp $ */
+/* $OpenBSD: ocsp_err.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
 /* ====================================================================
 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
 *
@@ -72,25 +72,7 @@
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
 static ERR_STRING_DATA OCSP_str_functs[]= {
- {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
- {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
- {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
- {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
- {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
- {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"},
- {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
- {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
- {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
- {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
- {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
- {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
- {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
- {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
- {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
- {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
- {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"},
- {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"},
- {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
+ {ERR_FUNC(0xfff), "CRYPTO_internal"},
 {0, NULL}
 };
diff --git a/lib/libcrypto/ocsp/ocsp_ht.c b/lib/libcrypto/ocsp/ocsp_ht.c
index 61af3717b78..b9c969928ac 100644
--- a/lib/libcrypto/ocsp/ocsp_ht.c
+++ b/lib/libcrypto/ocsp/ocsp_ht.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_ht.c,v 1.23 2016/11/05 15:21:20 miod Exp $ */
+/* $OpenBSD: ocsp_ht.c,v 1.24 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
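Review bot: The replacement entry `{ERR_FUNC(0xfff), "CRYPTO_internal"}` in OCSP_str_functs hard-codes the placeholder function code as a bare literal, and nothing in this file ties it to the OCSPerror() macro that the other five files now call and that must pack the same value; a comment on that line, e.g. `/* 0xfff: the single function code packed by OCSPerror(); keep in sync with its definition */`, would make the coupling visible, and a shared named constant would be better still. Every OCSP error will presumably now report 0xfff from ERR_GET_FUNC(), so any caller that matched on the old OCSP_F_* values stops matching; that is worth a sentence in the commit message or next to the macro definition. If the OCSP_F_* constants remain declared in the public header for compatibility, a note there that they are no longer emitted would stop new code from passing them. The table is complete within this hunk.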
@@ -207,8 +207,7 @@ parse_http_line1(char *line)
 for (p = line; *p && !isspace((unsigned char)*p); p++)
 continue;
 if (!*p) {
- OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
- OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+ OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
 return 0;
 }
@@ -216,8 +215,7 @@ parse_http_line1(char *line)
 while (*p && isspace((unsigned char)*p))
 p++;
 if (!*p) {
- OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
- OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+ OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
 return 0;
 }
@@ -225,8 +223,7 @@ parse_http_line1(char *line)
 for (q = p; *q && !isspace((unsigned char)*q); q++)
 continue;
 if (!*q) {
- OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
- OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+ OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
 return 0;
 }
@@ -251,7 +248,7 @@ parse_http_line1(char *line)
 *r = 0;
 }
 if (retcode != 200) {
- OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
+ OCSPerror(OCSP_R_SERVER_RESPONSE_ERROR);
 if (!*q)
 ERR_asprintf_error_data("Code=%s", p);
 else
diff --git a/lib/libcrypto/ocsp/ocsp_lib.c b/lib/libcrypto/ocsp/ocsp_lib.c
index 4a109b55134..d56a0020964 100644
--- a/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/lib/libcrypto/ocsp/ocsp_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_lib.c,v 1.19 2016/12/21 18:13:59 beck Exp $ */
+/* $OpenBSD: ocsp_lib.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project.
 */
@@ -115,7 +115,7 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
 if (alg->algorithm != NULL)
 ASN1_OBJECT_free(alg->algorithm);
 if ((nid = EVP_MD_type(dgst)) == NID_undef) {
- OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
+ OCSPerror(OCSP_R_UNKNOWN_NID);
 goto err;
 }
 if (!(alg->algorithm = OBJ_nid2obj(nid)))
@@ -144,7 +144,7 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
 return cid;
 digerr:
- OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
+ OCSPerror(OCSP_R_DIGEST_ERR);
 err:
 if (cid)
 OCSP_CERTID_free(cid);
@@ -193,11 +193,11 @@ OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
 } else if (strncmp(url, "http://", 7) == 0)
 host = strdup(url + 7);
 else {
- OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
+ OCSPerror(OCSP_R_ERROR_PARSING_URL);
 return 0;
 }
 if (host == NULL) {
- OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+ OCSPerror(ERR_R_MALLOC_FAILURE);
 return 0;
 }
@@ -221,7 +221,7 @@ OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
 free(host);
 free(path);
 free(port);
- OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+ OCSPerror(ERR_R_MALLOC_FAILURE);
 return 0;
 }
diff --git a/lib/libcrypto/ocsp/ocsp_srv.c b/lib/libcrypto/ocsp/ocsp_srv.c
index ee4a5dd6db3..a9e0aaab2f1 100644
--- a/lib/libcrypto/ocsp/ocsp_srv.c
+++ b/lib/libcrypto/ocsp/ocsp_srv.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_srv.c,v 1.9 2016/12/30 15:31:58 jsing Exp $ */
+/* $OpenBSD: ocsp_srv.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -168,8 +168,7 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status,
 switch (cs->type = status) {
 case V_OCSP_CERTSTATUS_REVOKED:
 if (!revtime) {
- OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,
- OCSP_R_NO_REVOKED_TIME);
+ OCSPerror(OCSP_R_NO_REVOKED_TIME);
 goto err;
 }
 if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
@@ -226,8 +225,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
 OCSP_RESPID *rid;
 if (!X509_check_private_key(signer, key)) {
- OCSPerr(OCSP_F_OCSP_BASIC_SIGN,
- OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
 goto err;
 }
diff --git a/lib/libcrypto/ocsp/ocsp_vfy.c b/lib/libcrypto/ocsp/ocsp_vfy.c
index 80dd54e9584..ebdd826878e 100644
--- a/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_vfy.c,v 1.14 2016/11/05 13:27:53 miod Exp $ */
+/* $OpenBSD: ocsp_vfy.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -86,8 +86,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
 ret = ocsp_find_signer(&signer, bs, certs, st, flags);
 if (!ret) {
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
- OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+ OCSPerror(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
 goto end;
 }
 if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
@@ -101,8 +100,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
 EVP_PKEY_free(skey);
 }
 if (!skey || ret <= 0) {
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
- OCSP_R_SIGNATURE_FAILURE);
+ OCSPerror(OCSP_R_SIGNATURE_FAILURE);
 goto end;
 }
 }
@@ -116,8 +114,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
 for (i = 0; i < sk_X509_num(certs); i++) {
 if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
- ERR_R_MALLOC_FAILURE);
+ OCSPerror(ERR_R_MALLOC_FAILURE);
 goto end;
 }
 }
@@ -126,7 +123,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
 init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted);
 if (!init_res) {
 ret = -1;
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
+ OCSPerror(ERR_R_X509_LIB);
 goto end;
 }
@@ -141,8 +138,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
 X509_STORE_CTX_cleanup(&ctx);
 if (ret <= 0) {
 i = X509_STORE_CTX_get_error(&ctx);
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
- OCSP_R_CERTIFICATE_VERIFY_ERROR);
+ OCSPerror(OCSP_R_CERTIFICATE_VERIFY_ERROR);
 ERR_asprintf_error_data("Verify error:%s",
 X509_verify_cert_error_string(i));
 goto end;
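Review bot: The new `OCSPerror(OCSP_R_CERTIFICATE_VERIFY_ERROR)` in the `@@ -141` hunk of OCSP_basic_verify is immediately followed by error data built from `i = X509_STORE_CTX_get_error(&ctx)`, and that read happens on the line after `X509_STORE_CTX_cleanup(&ctx)`; whether the verify error survives cleanup is not visible here, and if it does not, the "Verify error:%s" text attached to this new error entry describes nothing. Capturing the error before tearing the context down, `i = X509_STORE_CTX_get_error(&ctx);` placed ahead of `X509_STORE_CTX_cleanup(&ctx);`, removes the dependency on cleanup's internals. The `@@ -439` hunk of OCSP_request_verify on the last line of the diff has the identical ordering with `ret` in place of `i`. Both functions begin and end outside their hunks.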
@@ -169,8 +165,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
 x = sk_X509_value(chain, sk_X509_num(chain) - 1);
 if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
- OCSP_R_ROOT_CA_NOT_TRUSTED);
+ OCSPerror(OCSP_R_ROOT_CA_NOT_TRUSTED);
 goto end;
 }
 ret = 1;
@@ -245,8 +240,7 @@ ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
 sresp = bs->tbsResponseData->responses;
 if (sk_X509_num(chain) <= 0) {
- OCSPerr(OCSP_F_OCSP_CHECK_ISSUER,
- OCSP_R_NO_CERTIFICATES_IN_CHAIN);
+ OCSPerror(OCSP_R_NO_CERTIFICATES_IN_CHAIN);
 return -1;
 }
@@ -288,8 +282,7 @@ ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
 idcount = sk_OCSP_SINGLERESP_num(sresp);
 if (idcount <= 0) {
- OCSPerr(OCSP_F_OCSP_CHECK_IDS,
- OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
+ OCSPerror(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
 return -1;
 }
@@ -323,8 +316,7 @@ ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
 if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) {
- OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
- OCSP_R_UNKNOWN_MESSAGE_DIGEST);
+ OCSPerror(OCSP_R_UNKNOWN_MESSAGE_DIGEST);
 return -1;
 }
@@ -365,7 +357,7 @@ ocsp_check_delegated(X509 *x, int flags)
 X509_check_purpose(x, -1, 0);
 if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN))
 return 1;
- OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
+ OCSPerror(OCSP_R_MISSING_OCSPSIGNING_USAGE);
 return 0;
 }
@@ -384,20 +376,18 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
 X509_STORE_CTX ctx;
 if (!req->optionalSignature) {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
+ OCSPerror(OCSP_R_REQUEST_NOT_SIGNED);
 return 0;
 }
 gen = req->tbsRequest->requestorName;
 if (!gen || gen->type != GEN_DIRNAME) {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
- OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
+ OCSPerror(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
 return 0;
 }
 nm = gen->d.directoryName;
 ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
 if (ret <= 0) {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
- OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+ OCSPerror(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
 return 0;
 }
 if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
@@ -409,8 +399,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
 ret = OCSP_REQUEST_verify(req, skey);
 EVP_PKEY_free(skey);
 if (ret <= 0) {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
- OCSP_R_SIGNATURE_FAILURE);
+ OCSPerror(OCSP_R_SIGNATURE_FAILURE);
 return 0;
 }
 }
@@ -424,7 +413,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
 init_res = X509_STORE_CTX_init(&ctx, store, signer,
 req->optionalSignature->certs);
 if (!init_res) {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
+ OCSPerror(ERR_R_X509_LIB);
 return 0;
 }
@@ -439,8 +428,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
 X509_STORE_CTX_cleanup(&ctx);
 if (ret <= 0) {
 ret = X509_STORE_CTX_get_error(&ctx);
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
- OCSP_R_CERTIFICATE_VERIFY_ERROR);
+ OCSPerror(OCSP_R_CERTIFICATE_VERIFY_ERROR);
 ERR_asprintf_error_data("Verify error:%s",
 X509_verify_cert_error_string(ret));
 return 0;
|