From a79aed24327cfb2771062956399d5a54ede1e923 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 19 Feb 2014 11:10:26 +0100
Subject: [PATCH] corrected return codes.
---
lib/x509/verify.c | 22 ++++++++++++++--------
1 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 86a901e..d3f349b 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -106,7 +106,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
result =
@@ -115,7 +115,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
result =
@@ -123,7 +123,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
result =
@@ -131,7 +131,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
/* If the subject certificate is the same as the issuer
@@ -183,6 +183,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
else
gnutls_assert ();
+fail:
result = 0;
cleanup:
@@ -408,14 +409,15 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
if (issuer_version < 0)
{
gnutls_assert ();
- return issuer_version;
+ result = 0;
+ goto cleanup;
}
if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
|| issuer_version != 1))
{
- if (check_if_ca (cert, issuer, max_path, flags) == 0)
+ if (check_if_ca (cert, issuer, max_path, flags) != 1)
{
gnutls_assert ();
out = GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
@@ -446,6 +448,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
if (result < 0)
{
gnutls_assert ();
+ result = 0;
goto cleanup;
}
@@ -454,6 +457,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
if (result < 0)
{
gnutls_assert ();
+ result = 0;
goto cleanup;
}
@@ -461,6 +465,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
if (result < 0)
{
gnutls_assert ();
+ result = 0;
goto cleanup;
}
@@ -481,6 +486,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
else if (result < 0)
{
gnutls_assert();
+ result = 0;
goto cleanup;
}
@@ -650,7 +656,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
trusted_cas, tcas_size, flags, &output,
&issuer, now, &max_path, func);
- if (ret == 0)
+ if (ret != 1)
{
/* if the last certificate in the certificate
* list is invalid, then the certificate is not
@@ -681,7 +687,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
if ((ret =
_gnutls_verify_certificate2 (certificate_list[i - 1],
&certificate_list[i], 1, flags,
- &output, NULL, now, &max_path, func)) == 0)
+ &output, NULL, now, &max_path, func)) != 1)
{
status |= output;
status |= GNUTLS_CERT_INVALID;
--
1.7.1
distrib
>
Mageia
>
3
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
8a1aef662b776072ab98faf596045f00
>
files
>
1
