From b4de5015e5ccb0598fa5e2f21ffe0deeea11e9d4 Mon Sep 17 00:00:00 2001
From: Joel Sing
Date: Sun, 8 Jun 2014 14:51:54 +0000
Subject: No, we will not be building with OPENSSL_NO_X509_VERIFY. Nuke it and do some other clean up while here. ok deraadt@
---
 lib/libssl/src/ssl/ssl_cert.c | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)
(limited to 'lib')
diff --git a/lib/libssl/src/ssl/ssl_cert.c b/lib/libssl/src/ssl/ssl_cert.c
index ce8a6b54e09..a6f01c50895 100644
--- a/lib/libssl/src/ssl/ssl_cert.c
+++ b/lib/libssl/src/ssl/ssl_cert.c
@@ -418,9 +418,9 @@ ssl_set_peer_cert_type(SESS_CERT *sc, int type)
 int
 ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
 {
- X509 *x;
- int i;
 X509_STORE_CTX ctx;
+ X509 *x;
+ int ret;

 if ((sk == NULL) || (sk_X509_num(sk) == 0))
 return (0);
@@ -439,7 +439,8 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
 */

 X509_STORE_CTX_set_default(&ctx,
- s->server ? "ssl_client" : "ssl_server");
+ s->server ? "ssl_client" : "ssl_server");
+
 /* Anything non-default in "param" should overwrite anything in the
 * ctx.
 */
@@ -449,21 +450,14 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
 X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);

 if (s->ctx->app_verify_callback != NULL)
- i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
- else {
-#ifndef OPENSSL_NO_X509_VERIFY
- i = X509_verify_cert(&ctx);
-#else
- i = 0;
- ctx.error = X509_V_ERR_APPLICATION_VERIFICATION;
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK);
-#endif
- }
+ ret = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
+ else
+ ret = X509_verify_cert(&ctx);

 s->verify_result = ctx.error;
 X509_STORE_CTX_cleanup(&ctx);

- return (i);
+ return (ret);
 }

 static void
--
cgit v1.2.3
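Review bot: In the last hunk of ssl_verify_cert_chain(), `ret` is returned exactly as the application callback or X509_verify_cert() produced it, and nothing in the function says which values a caller can receive. X509_verify_cert() is documented to return a negative value in exceptional cases, and the callback's result is application-defined, so a caller that tests `!ret` instead of `ret <= 0` would treat such a failure as a verified chain. The callers are not visible in this diff, so this is something to confirm rather than a demonstrated defect. I would add a comment above the function such as `/* Returns > 0 when the chain verified; 0 or a negative value means it did not, so callers must test for <= 0. */`. Part of the function body lies between the hunks and is not shown here.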