generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Only use the new informational verify codes if we

Browse Source 
specifically ask for them.

Fix typo in docs.
This commit is contained in:
Dr. Stephen Henson 2000-09-22 21:32:08 +00:00
parent 3f8b90c345
commit dbba890cf1
4 changed files with 19 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGES
View File

@ -4,6 +4,14 @@
Changes between 0.9.5a and 0.9.6 [xx XXX 2000] Changes between 0.9.5a and 0.9.6 [xx XXX 2000]
*) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
not set then we don't setup the error code for issuer check errors
to avoid possibly overwriting other errors which the callback does
handle. If an application does set the flag then we assume it knows
what it is doing and can handle the new informational codes
appropriately.
[Steve Henson]
*) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
a general "ANY" type, as such it should be able to decode anything a general "ANY" type, as such it should be able to decode anything
including tagged types. However it didn't check the class so it would including tagged types. However it didn't check the class so it would

1
NEWS
View File

@ -15,6 +15,7 @@
o MD4 now included. o MD4 now included.
o Bugfix for SSL rollback padding check. o Bugfix for SSL rollback padding check.
o Support for external crypto device[1]. o Support for external crypto device[1].
o Enhanced EVP interafce.
[1] The support for external crypto devices is currently a separate [1] The support for external crypto devices is currently a separate
distribution. See the file README.ENGINE. distribution. See the file README.ENGINE.

19
crypto/x509/x509_vfy.c
View File

@ -339,16 +339,15 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
ret = X509_check_issued(issuer, x); ret = X509_check_issued(issuer, x);
if (ret == X509_V_OK) if (ret == X509_V_OK)
return 1; return 1;
else /* If we haven't asked for issuer errors don't set ctx */
{ if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
ctx->error = ret; return 0;
ctx->current_cert = x;
ctx->current_issuer = issuer; ctx->error = ret;
if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb) ctx->current_cert = x;
return ctx->verify_cb(0, ctx); ctx->current_issuer = issuer;
else if (ctx->verify_cb)
return 0; return ctx->verify_cb(0, ctx);
}
return 0; return 0;
} }

2
doc/apps/smime.pod
View File

@ -325,7 +325,7 @@ Send encrypted mail using triple DES:
Sign and encrypt mail: Sign and encrypt mail:
openssl smime -sign -in ml.txt -signer my.pem -text \ openssl smime -sign -in ml.txt -signer my.pem -text \
| openssl -encrypt -out mail.msg \ | openssl smime -encrypt -out mail.msg \
-from steve@openssl.org -to someone@somewhere \ -from steve@openssl.org -to someone@somewhere \
-subject "Signed and Encrypted message" -des3 user.pem -subject "Signed and Encrypted message" -des3 user.pem