generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Comment and indentation

Browse Source
This commit is contained in:
Bodo Möller 2001-01-28 14:38:11 +00:00
parent b847024026
commit 78f3a2aad7
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/x509/x509_trs.c
View File

@ -99,10 +99,10 @@ static int tr_cmp(const X509_TRUST * const *a,
int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
{ {
int (*oldtrust)(int , X509 *, int); int (*oldtrust)(int , X509 *, int);
oldtrust = default_trust; oldtrust = default_trust;
default_trust = trust; default_trust = trust;
return oldtrust; return oldtrust;
} }

7
crypto/x509/x509_vfy.c
View File

@ -488,6 +488,13 @@ static int internal_verify(X509_STORE_CTX *ctx)
if (!ok) goto end; if (!ok) goto end;
} }
if (X509_verify(xs,pkey) <= 0) if (X509_verify(xs,pkey) <= 0)
/* XXX For the final trusted self-signed cert,
* this is a waste of time. That check should
* optional so that e.g. 'openssl x509' can be
* used to detect invalid self-signatures, but
* we don't verify again and again in SSL
* handshakes and the like once the cert has
* been declared trusted. */
{ {
ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
ctx->current_cert=xs; ctx->current_cert=xs;