Skip to content
Commit a3baa171 authored by Viktor Dukhovni's avatar Viktor Dukhovni
Browse files

Fix missing ok=0 with locally blacklisted CAs



Also in X509_verify_cert() avoid using "i" not only as a loop
counter, but also as a trust outcome and as an error ordinal.

Finally, make sure that all "goto end" jumps return an error, with
"end" renamed to "err" accordingly.

[ The 1.1.0 version of X509_verify_cert() is major rewrite,
  which addresses these issues in a more systemic way. ]

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 093d20a8
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment