libdes manpage.

[openssl.git] / crypto / x509 / x509_vfy.c

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index c779dab376534f2efd23a5e094ecf3db04d64636..3ddb2303d3809a31eb5cf351d75891f00fb5d7ef 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -436,11 +436,14 @@ static int internal_verify(X509_STORE_CTX *ctx)
                                }
                        if (X509_verify(xs,pkey) <= 0)
                                {
-                               EVP_PKEY_free(pkey);
                                ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
                                ctx->current_cert=xs;
                                ok=(*cb)(0,ctx);
-                               if (!ok) goto end;
+                               if (!ok)
+                                       {
+                                       EVP_PKEY_free(pkey);
+                                       goto end;
+                                       }
                                }
                        EVP_PKEY_free(pkey);
                        pkey=NULL;
@@ -536,7 +539,7 @@ int X509_cmp_current_time(ASN1_UTCTIME *ctm)
        atm.length=sizeof(buff2);
        atm.data=(unsigned char *)buff2;
 
-       X509_gmtime_adj(&atm,-offset);
+       X509_gmtime_adj(&atm,-offset*60);
 
        i=(buff1[0]-'0')*10+(buff1[1]-'0');
        if (i < 50) i+=100; /* cf. RFC 2459 */
@@ -717,7 +720,7 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
        return(ctx->chain);
        }
 
-STACK_OF(X509) *X509_STORE_CTX_rget_chain(X509_STORE_CTX *ctx)
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
        {
        int i;
        X509 *x;
@@ -768,18 +771,25 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
        if(!purpose) purpose = def_purpose;
        /* If we have a purpose then check it is valid */
        if(purpose) {
+               X509_PURPOSE *ptmp;
                idx = X509_PURPOSE_get_by_id(purpose);
                if(idx == -1) {
                        X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
                                                X509_R_UNKNOWN_PURPOSE_ID);
                        return 0;
                }
-               /* If trust not set then get from purpose default */
-               if(!trust) {
-                       X509_PURPOSE *ptmp;
-                       ptmp = X509_PURPOSE_iget(idx);
-                       trust = ptmp->trust;
+               ptmp = X509_PURPOSE_get0(idx);
+               if(ptmp->trust == X509_TRUST_DEFAULT) {
+                       idx = X509_PURPOSE_get_by_id(def_purpose);
+                       if(idx == -1) {
+                               X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                                               X509_R_UNKNOWN_PURPOSE_ID);
+                               return 0;
+                       }
+                       ptmp = X509_PURPOSE_get0(idx);
                }
+               /* If trust not set then get from purpose default */
+               if(!trust) trust = ptmp->trust;
        }
        if(trust) {
                idx = X509_TRUST_get_by_id(trust);