return 0;
for (i = idx; i < SSL_PKEY_NUM; i++)
{
- CERT_PKEY *cpk = c->key + i;
+ CERT_PKEY *cpk = c->pkeys + i;
if (cpk->x509 && cpk->privatekey)
{
c->key = cpk;
* 0: match
* 1: no match
*/
-static int tlsa_cmp(const X509 *cert, const unsigned char *tlsa_record, unsigned int reclen)
+static int tlsa_cmp(const X509 *cert, const unsigned char *tlsa_record,
+ int reclen)
{
const EVP_MD *md;
unsigned char digest[EVP_MAX_MD_SIZE];
i = X509_verify_cert(&xs_ctx);
if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR)
{
- ERR_clear_error();
+ if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)
+ ERR_clear_error();
i = 1;
+ rv = 2;
}
if (i > 0)
chain = X509_STORE_CTX_get1_chain(&xs_ctx);
}
}
cpk->chain = chain;
- rv = 1;
+ if (rv == 0)
+ rv = 1;
err:
if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
X509_STORE_free(chain_store);