Only use the new informational verify codes if we

specifically ask for them.

Fix typo in docs.

diff --git a/CHANGES b/CHANGES
index 7645d6f5f96e7c7ccd80ccdbcf5c371e29dbb2d1..26fb7f8a89c4fbce6270559719f235102e20a705 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 
  Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
 
 
  Changes between 0.9.5a and 0.9.6  [xx XXX 2000]
 

+  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
+     not set then we don't setup the error code for issuer check errors
+     to avoid possibly overwriting other errors which the callback does
+     handle. If an application does set the flag then we assume it knows
+     what it is doing and can handle the new informational codes
+     appropriately.
+     [Steve Henson]
+

   *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
      a general "ANY" type, as such it should be able to decode anything
      including tagged types. However it didn't check the class so it would
   *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
      a general "ANY" type, as such it should be able to decode anything
      including tagged types. However it didn't check the class so it would

diff --git a/NEWS b/NEWS
index 674703e80c77fd2ec1d65a5a77dcf2dee0fc53ec..ce1ba34436e1bda5b28f1988a66388ed46483564 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@
       o MD4 now included.
       o Bugfix for SSL rollback padding check.
       o Support for external crypto device[1].
       o MD4 now included.
       o Bugfix for SSL rollback padding check.
       o Support for external crypto device[1].

+      o Enhanced EVP interafce.

 
     [1] The support for external crypto devices is currently a separate
         distribution.  See the file README.ENGINE.
 
     [1] The support for external crypto devices is currently a separate
         distribution.  See the file README.ENGINE.

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index db62c9f6a348cead99bae90c22fa592edab3a160..0f4110cc64b23ae888d6cb8f09b2ac8134914633 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -339,16 +339,15 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
        ret = X509_check_issued(issuer, x);
        if (ret == X509_V_OK)
                return 1;
        ret = X509_check_issued(issuer, x);
        if (ret == X509_V_OK)
                return 1;

-       else
-               {
-               ctx->error = ret;
-               ctx->current_cert = x;
-               ctx->current_issuer = issuer;
-               if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb)
-                       return ctx->verify_cb(0, ctx);
-               else
-                       return 0;
-               }
+       /* If we haven't asked for issuer errors don't set ctx */
+       if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+               return 0;
+
+       ctx->error = ret;
+       ctx->current_cert = x;
+       ctx->current_issuer = issuer;
+       if (ctx->verify_cb)
+               return ctx->verify_cb(0, ctx);

        return 0;
 }
 
        return 0;
 }
 

diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index 4ab53322c506867d55480969605eae8536327c9e..ce99b5c345a12a93f654987d2602af621d1b0093 100644 (file)
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -325,7 +325,7 @@ Send encrypted mail using triple DES:
 Sign and encrypt mail:
 
  openssl smime -sign -in ml.txt -signer my.pem -text \
 Sign and encrypt mail:
 
  openssl smime -sign -in ml.txt -signer my.pem -text \

-       | openssl -encrypt -out mail.msg \
+       | openssl smime -encrypt -out mail.msg \

        -from steve@openssl.org -to someone@somewhere \
        -subject "Signed and Encrypted message" -des3 user.pem
 
        -from steve@openssl.org -to someone@somewhere \
        -subject "Signed and Encrypted message" -des3 user.pem