int ret = -1;
if (ctx == NULL) {
- OCSPerr(0, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_OCSP, ERR_R_MALLOC_FAILURE);
goto end;
}
if (!X509_STORE_CTX_init(ctx, st, signer, untrusted)) {
- OCSPerr(0, ERR_R_X509_LIB);
+ ERR_raise(ERR_LIB_OCSP, ERR_R_X509_LIB);
goto end;
}
if ((vp = X509_STORE_CTX_get0_param(ctx)) == NULL)
ret = X509_verify_cert(ctx);
if (ret <= 0) {
ret = X509_STORE_CTX_get_error(ctx);
- OCSPerr(0, OCSP_R_CERTIFICATE_VERIFY_ERROR);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR);
ERR_add_error_data(2, "Verify error:",
X509_verify_cert_error_string(ret));
goto end;
if ((flags & OCSP_NOSIGS) == 0) {
if ((skey = X509_get0_pubkey(signer)) == NULL) {
- OCSPerr(0, OCSP_R_NO_SIGNER_KEY);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_SIGNER_KEY);
return -1;
}
if (req != NULL)
else
ret = OCSP_BASICRESP_verify(bs, skey);
if (ret <= 0)
- OCSPerr(0, OCSP_R_SIGNATURE_FAILURE);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNATURE_FAILURE);
}
return ret;
}
int ret = ocsp_find_signer(&signer, bs, certs, flags);
if (ret == 0) {
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
- OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
goto end;
}
if ((ret == 2) && (flags & OCSP_TRUSTOTHER) != 0)
x = sk_X509_value(chain, sk_X509_num(chain) - 1);
if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_ROOT_CA_NOT_TRUSTED);
ret = 0;
goto end;
}
int ret;
if (sk_X509_num(chain) <= 0) {
- OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
return -1;
}
idcount = sk_OCSP_SINGLERESP_num(sresp);
if (idcount <= 0) {
- OCSPerr(OCSP_F_OCSP_CHECK_IDS,
- OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
return -1;
}
unsigned char md[EVP_MAX_MD_SIZE];
if (dgst == NULL) {
- OCSPerr(0, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
return -1;
}
mdlen = EVP_MD_size(dgst);
if (mdlen < 0) {
- OCSPerr(0, OCSP_R_DIGEST_SIZE_ERR);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_SIZE_ERR);
return -1;
}
if (cid->issuerNameHash.length != mdlen ||
return 0;
iname = X509_get_subject_name(cert);
if (!X509_NAME_digest(iname, dgst, md, NULL)) {
- OCSPerr(0, OCSP_R_DIGEST_NAME_ERR);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_NAME_ERR);
return -1;
}
if (memcmp(md, cid->issuerNameHash.data, mdlen) != 0)
return 0;
if (!X509_pubkey_digest(cert, dgst, md, NULL)) {
- OCSPerr(0, OCSP_R_DIGEST_ERR);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_ERR);
return -1;
}
if (memcmp(md, cid->issuerKeyHash.data, mdlen) != 0)
if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
&& (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
return 1;
- OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_MISSING_OCSPSIGNING_USAGE);
return 0;
}
int ret;
if (!req->optionalSignature) {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_REQUEST_NOT_SIGNED);
return 0;
}
gen = req->tbsRequest.requestorName;
if (!gen || gen->type != GEN_DIRNAME) {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
- OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
return 0; /* not returning -1 here for backward compatibility*/
}
nm = gen->d.directoryName;
ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
if (ret <= 0) {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
- OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+ ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
return 0; /* not returning -1 here for backward compatibility*/
}
if ((ret == 2) && (flags & OCSP_TRUSTOTHER) != 0)
projects / openssl.git / blobdiff