Commit 70dd3c65 authored by Viktor Dukhovni's avatar Viktor Dukhovni
Browse files

Tidy up x509_vfy callback handling 



Reviewed-by: default avatarDr. Stephen Henson <steve@openssl.org>
parent 0f1ef63b

crypto/x509/x509_lcl.h

+2 −1
Original line number Diff line number Diff line
@@ -81,7 +81,8 @@ struct X509_VERIFY_PARAM_st { 
    size_t iplen;               /* Length of IP address */

};



int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet);

/* No error callback if depth < 0 */

int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);



/* a sequence of these are used */

struct x509_attributes_st {

crypto/x509/x509_lu.c

+2 −2
Original line number Diff line number Diff line
@@ -630,7 +630,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 
    }

    /* If certificate matches all OK */

    if (ctx->check_issued(ctx, x, obj.data.x509)) {

        if (x509_check_cert_time(ctx, obj.data.x509, 1)) {

        if (x509_check_cert_time(ctx, obj.data.x509, -1)) {

            *issuer = obj.data.x509;

            return 1;

        }
@@ -661,7 +661,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) 
                 * match if no certificate time is OK.

                 */



                if (x509_check_cert_time(ctx, *issuer, 1))

                if (x509_check_cert_time(ctx, *issuer, -1))

                    break;

            }

        }

crypto/x509/x509_vfy.c

+217 −286

File changed.

Preview size limit exceeded, changes collapsed.