author | Joel Sing <jsing@cvs.openbsd.org> | 2014-06-08 14:51:54 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2014-06-08 14:51:54 +0000 |
commit | b4de5015e5ccb0598fa5e2f21ffe0deeea11e9d4 (patch) | |
tree | 0296cbcac6fd84470a4c6d305cbb3b1b7f7ad9e2 /lib | |
parent | d6f5b5023abfd9c80b868fa1fd93ad6d1f350024 (diff) |
No, we will not be building with OPENSSL_NO_X509_VERIFY. Nuke it and
do some other clean up while here.
ok deraadt@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libssl/src/ssl/ssl_cert.c | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/lib/libssl/src/ssl/ssl_cert.c b/lib/libssl/src/ssl/ssl_cert.c
index ce8a6b54e09..a6f01c50895 100644
--- a/lib/libssl/src/ssl/ssl_cert.c
+++ b/lib/libssl/src/ssl/ssl_cert.c
@@ -418,9 +418,9 @@ ssl_set_peer_cert_type(SESS_CERT *sc, int type)
 int
 ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
 {
- X509 *x;
- int i;
 X509_STORE_CTX ctx;
+ X509 *x;
+ int ret;
 
 if ((sk == NULL) || (sk_X509_num(sk) == 0))
 return (0);
@@ -439,7 +439,8 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
 */
 
 X509_STORE_CTX_set_default(&ctx,
- s->server ? "ssl_client" : "ssl_server");
+ s->server ? "ssl_client" : "ssl_server");
+
 /* Anything non-default in "param" should overwrite anything in the
 * ctx.
 */
@@ -449,21 +450,14 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
 X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
 
 if (s->ctx->app_verify_callback != NULL)
- i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
- else {
-#ifndef OPENSSL_NO_X509_VERIFY
- i = X509_verify_cert(&ctx);
-#else
- i = 0;
- ctx.error = X509_V_ERR_APPLICATION_VERIFICATION;
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK);
-#endif
- }
+ ret = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
+ else
+ ret = X509_verify_cert(&ctx);
 
 s->verify_result = ctx.error;
 X509_STORE_CTX_cleanup(&ctx);
 
- return (i);
+ return (ret);
 }
 
 static void |
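Review bot: The return contract of ssl_verify_cert_chain() is left undocumented in the third hunk, where `ret` passes through whatever `app_verify_callback` or `X509_verify_cert()` returned while `s->verify_result` is copied separately from `ctx.error`. Nothing visible forces the two to agree, so an application callback that returns non-zero without clearing `ctx.error`, or returns 0 without setting it, leaves the handshake decision and the stored verify result disagreeing. I would add a comment above the assignment along the lines of `/* ret > 0 means the chain verified; app_verify_callback sets ret and ctx.error independently */`. It is also worth confirming that the callers, which are not shown here, test `ret <= 0` rather than `ret == 0`. The early `return (0)` paths in the first hunk leave `s->verify_result` untouched, and the function body between the hunks is outside this diff.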