Fix signed/unsigned warning.

[openssl.git] / ssl / ssl_cert.c

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 2965a44ff52e0d5b00b409b1bdd07dea3fdfe3cf..dcfdcde71ef1987e63bb0a286d5d807d1fbcb355 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -664,7 +664,7 @@ int ssl_cert_set_current(CERT *c, long op)
                return 0;
        for (i = idx; i < SSL_PKEY_NUM; i++)
                {
-               CERT_PKEY *cpk = c->key + i;
+               CERT_PKEY *cpk = c->pkeys + i;
                if (cpk->x509 && cpk->privatekey)
                        {
                        c->key = cpk;
@@ -841,7 +841,8 @@ TLSA_EX_DATA *SSL_get_TLSA_ex_data(SSL *ssl)
  *  0: match
  *  1: no match
  */
-static int tlsa_cmp(const X509 *cert, const unsigned char *tlsa_record, unsigned int reclen)
+static int tlsa_cmp(const X509 *cert, const unsigned char *tlsa_record,
+                   int reclen)
        {
        const EVP_MD *md;
        unsigned char digest[EVP_MAX_MD_SIZE];
@@ -1538,8 +1539,10 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
        i = X509_verify_cert(&xs_ctx);
        if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR)
                {
-               ERR_clear_error();
+               if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)
+                       ERR_clear_error();
                i = 1;
+               rv = 2;
                }
        if (i > 0)
                chain = X509_STORE_CTX_get1_chain(&xs_ctx);
@@ -1574,7 +1577,8 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
                        }
                }
        cpk->chain = chain;
-       rv = 1;
+       if (rv == 0)
+               rv = 1;
        err:
        if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
                X509_STORE_free(chain_store);