Fix missing ok=0 with locally blacklisted CAs
author Viktor Dukhovni <openssl-users@dukhovni.org>
Tue, 2 Feb 2016 09:35:27 +0000 (04:35 -0500)
committer Viktor Dukhovni <openssl-users@dukhovni.org>
Fri, 5 Feb 2016 15:54:11 +0000 (10:54 -0500)
commit a3baa171053547488475709c7197592c66e427cf
tree be6605870d9229a17c93242b5fc4f50d8d433661
parent 093d20a8cb74e64d627fcd03532ba6b3150f1d1f
Fix missing ok=0 with locally blacklisted CAs

Also in X509_verify_cert() avoid using "i" not only as a loop
counter, but also as a trust outcome and as an error ordinal.

Finally, make sure that all "goto end" jumps return an error, with
"end" renamed to "err" accordingly.

[ The 1.1.0 version of X509_verify_cert() is a major rewrite,
  which addresses these issues in a more systemic way. ]

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/x509/x509_vfy.c