else
*result = xtmp;
}
- sk_X509_pop_free(certs, X509_free);
+ OSSL_STACK_OF_X509_free(certs);
return ret;
}
x = sk_X509_value(ctx->other_ctx, i);
if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) {
- sk_X509_pop_free(sk, X509_free);
+ OSSL_STACK_OF_X509_free(sk);
ctx->error = X509_V_ERR_OUT_OF_MEM;
return NULL;
}
GENERAL_NAMES *gs = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
if (gs == NULL)
- return -1;
+ return 0;
for (i = 0; i < sk_GENERAL_NAME_num(gs); i++) {
GENERAL_NAME *g = sk_GENERAL_NAME_value(gs, i);
}
X509_policy_tree_free(ctx->tree);
ctx->tree = NULL;
- sk_X509_pop_free(ctx->chain, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->chain);
ctx->chain = NULL;
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
{
- sk_X509_pop_free(ctx->chain, X509_free);
+ OSSL_STACK_OF_X509_free(ctx->chain);
ctx->chain = sk;
}
if (!ossl_assert(num == ctx->num_untrusted))
goto int_err;
curr = sk_X509_value(ctx->chain, num - 1);
- issuer = (X509_self_signed(curr, 0) || num > max_depth) ?
+ issuer = (X509_self_signed(curr, 0) > 0 || num > max_depth) ?
NULL : find_issuer(ctx, sk_untrusted, curr);
if (issuer == NULL) {
/*
return 0;
case X509_TRUST_UNTRUSTED:
default:
- switch(ctx->error) {
+ switch (ctx->error) {
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
CB_FAIL_IF(DANETLS_ENABLED(dane)
&& (!DANETLS_HAS_PKIX(dane) || dane->pdpth >= 0),
ctx, NULL, num - 1, X509_V_ERR_DANE_NO_MATCH);
- if (X509_self_signed(sk_X509_value(ctx->chain, num - 1), 0))
+ if (X509_self_signed(sk_X509_value(ctx->chain, num - 1), 0) > 0)
return verify_cb_cert(ctx, NULL, num - 1,
num == 1
? X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT