X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fx509%2Fx509_vfy.c;h=73eecd6ee4087c5f56ca97ff4b55dc1073a957f0;hp=db62c9f6a348cead99bae90c22fa592edab3a160;hb=ba8e28248f37d0b77742f9f200fcdf8d54d7d8b4;hpb=f684090cbe0706bcd0280f7a14f609bed3c640c0

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index db62c9f6a3..73eecd6ee4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -80,10 +80,7 @@ const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
 
 static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
 static int x509_store_ctx_num=0;
-#if 0
-static int x509_store_num=1;
-static STACK *x509_store_method=NULL;
-#endif
+
 
 static int null_callback(int ok, X509_STORE_CTX *e)
 	{
@@ -339,16 +336,15 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 	ret = X509_check_issued(issuer, x);
 	if (ret == X509_V_OK)
 		return 1;
-	else
-		{
-		ctx->error = ret;
-		ctx->current_cert = x;
-		ctx->current_issuer = issuer;
-		if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb)
-			return ctx->verify_cb(0, ctx);
-		else
-			return 0;
-		}
+	/* If we haven't asked for issuer errors don't set ctx */
+	if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+		return 0;
+
+	ctx->error = ret;
+	ctx->current_cert = x;
+	ctx->current_issuer = issuer;
+	if (ctx->verify_cb)
+		return ctx->verify_cb(0, ctx);
 	return 0;
 }
 
@@ -649,14 +645,16 @@ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
 ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
 	{
 	time_t t;
+	int type = -1;
 
 	if (in_tm) t = *in_tm;
 	else time(&t);
 
 	t+=adj;
-	if (!s) return ASN1_TIME_set(s, t);
-	if (s->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
-	return ASN1_GENERALIZEDTIME_set(s, t);
+	if (s) type = s->type;
+	if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
+	if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
+	return ASN1_TIME_set(s, t);
 	}
 
 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
@@ -703,12 +701,17 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
 
 int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-        x509_store_ctx_num++;
-        return CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
+	{
+	/* This function is (usually) called only once, by
+	 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
+	 * That function uses locking, so we don't (usually)
+	 * have to worry about locking here. For the whole cruel
+	 * truth, see crypto/ex_data.c */
+	x509_store_ctx_num++;
+	return CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
 		&x509_store_ctx_method,
-                argl,argp,new_func,dup_func,free_func);
-        }
+		argl,argp,new_func,dup_func,free_func);
+	}
 
 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
 	{