Viktor Dukhovni a3baa17105 Fix missing ok=0 with locally blacklisted CAs
Also in X509_verify_cert() avoid using "i" not only as a loop
counter, but also as a trust outcome and as an error ordinal.

Finally, make sure that all "goto end" jumps return an error, with
"end" renamed to "err" accordingly.

[ The 1.1.0 version of X509_verify_cert() is major rewrite,
  which addresses these issues in a more systemic way. ]

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-05 10:54:11 -05:00
..
2015-07-07 21:48:55 +01:00
2015-07-07 21:48:55 +01:00
2015-10-23 20:32:59 +02:00
2015-03-02 15:26:41 +00:00
2016-01-02 11:14:05 -05:00
2016-01-17 16:58:48 -05:00
2015-01-22 09:31:38 +00:00
2015-01-22 09:31:38 +00:00