authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-02-14 09:16:58 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-02-14 09:16:58 +0000
commit9c4785aa131a711b85e540d646a29f49962d5281 (patch)
tree0e25e847bf4be1282803742a444628f12d4d5d57
parent290f0015a6473d129511a11923b46677e266a7a2 (diff)
Added GNUTLS_CERT_INVALID and GNUTLS_CERT_VALID of CertificateStatus flags,
which replace GNUTLS_CERT_NOT_TRUSTED.
-rw-r--r--lib/gnutls_int.h2
-rw-r--r--lib/x509_sig_check.c6
-rw-r--r--lib/x509_verify.c18
3 files changed, 13 insertions, 13 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index b16e5729ec..3e07694e7c 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -120,7 +120,7 @@ typedef enum AlertDescription { GNUTLS_A_CLOSE_NOTIFY, GNUTLS_A_UNEXPECTED_MESSA
#define GNUTLS_AlertDescription AlertDescription
typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1,
- GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED,
+ GNUTLS_CERT_VALID, GNUTLS_CERT_INVALID, GNUTLS_CERT_EXPIRED,
GNUTLS_CERT_REVOKED, GNUTLS_CERT_CORRUPTED,
GNUTLS_CERT_NONE
} CertificateStatus;
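Review bot: Replacing one enumerator with two in the middle of `CertificateStatus` renumbers every later value, so the old `GNUTLS_CERT_NOT_TRUSTED` number (2) now means `GNUTLS_CERT_VALID` and the old `GNUTLS_CERT_EXPIRED` number (3) now means `GNUTLS_CERT_INVALID`. If these values ever cross the library boundary (the verify functions in this commit return them), a caller built against the previous header would misread a failure status. Pinning the numbers avoids this, for example `GNUTLS_CERT_INVALID=2, GNUTLS_CERT_EXPIRED,` with `GNUTLS_CERT_VALID` appended after `GNUTLS_CERT_NONE`. The enum also needs a comment saying how `GNUTLS_CERT_VALID` differs from `GNUTLS_CERT_TRUSTED`, since no hunk in this commit returns the new `GNUTLS_CERT_VALID`.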
diff --git a/lib/x509_sig_check.c b/lib/x509_sig_check.c
index c7fb60fd98..f5af5bb0b4 100644
--- a/lib/x509_sig_check.c
+++ b/lib/x509_sig_check.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2001 Nikos Mavroyanopoulos
+ * Copyright (C) 2001,2002 Nikos Mavroyanopoulos
*
* This file is part of GNUTLS.
*
@@ -207,7 +207,7 @@ gnutls_datum tbs;
if (_pkcs1_rsa_verify_sig( &signature, &tbs, issuer->params)!=0) {
gnutls_assert();
gnutls_free_datum( &tbs);
- return GNUTLS_CERT_NOT_TRUSTED;
+ return GNUTLS_CERT_INVALID;
}
gnutls_free_datum(&tbs);
@@ -218,7 +218,7 @@ gnutls_datum tbs;
if (_gnutls_dsa_verify( &tbs, &signature, issuer->params)!=0) {
gnutls_assert();
gnutls_free_datum( &tbs);
- return GNUTLS_CERT_NOT_TRUSTED;
+ return GNUTLS_CERT_INVALID;
}
gnutls_free_datum(&tbs);
diff --git a/lib/x509_verify.c b/lib/x509_verify.c
index 8af966f4b5..90213e6328 100644
--- a/lib/x509_verify.c
+++ b/lib/x509_verify.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2001 Nikos Mavroyanopoulos <nmav@hellug.gr>
+ * Copyright (C) 2001,2002 Nikos Mavroyanopoulos <nmav@hellug.gr>
*
* This file is part of GNUTLS.
*
@@ -273,7 +273,7 @@ int gnutls_verify_certificate2(gnutls_cert * cert, gnutls_cert * trusted_cas, in
/* CRL is ignored for now */
gnutls_cert *issuer;
- CertificateStatus ret = GNUTLS_CERT_NOT_TRUSTED;
+ CertificateStatus ret = GNUTLS_CERT_INVALID;
if (tcas_size >= 1)
issuer = find_issuer(cert, trusted_cas, tcas_size);
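Review bot: `issuer` is declared without an initialiser and, in the lines shown, is assigned only when `tcas_size >= 1`. The rest of the function is outside this hunk, so the other branch may set it, but the following hunk tests `issuer == NULL` and an indeterminate pointer there would skip the rejection path. Declaring it as `gnutls_cert *issuer = NULL;` makes the empty-CA-list case fail closed regardless of what the unseen branch does. The `/* CRL is ignored for now */` comment should also be reflected in the function's documentation, so callers know revocation is not checked.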
@@ -287,7 +287,7 @@ int gnutls_verify_certificate2(gnutls_cert * cert, gnutls_cert * trusted_cas, in
*/
if (issuer == NULL) {
gnutls_assert();
- return GNUTLS_CERT_NOT_TRUSTED;
+ return GNUTLS_CERT_INVALID;
}
ret = gnutls_x509_verify_signature(cert, issuer);
@@ -325,7 +325,7 @@ int _gnutls_x509_verify_certificate( gnutls_cert * certificate_list,
{
int i = 0;
int expired = 0;
- CertificateStatus ret=GNUTLS_CERT_NOT_TRUSTED;
+ CertificateStatus ret=GNUTLS_CERT_INVALID;
if (tcas_size == 0) {
return ret;
@@ -340,14 +340,14 @@ int _gnutls_x509_verify_certificate( gnutls_cert * certificate_list,
/*
* We only accept the given certificate to be
* expired. If any of the certificates in the
- * certificate list is expired then the certificate
- * is not trusted.
+ * certificate chain is expired then the certificate
+ * is not valid.
*/
if (ret == GNUTLS_CERT_EXPIRED) {
if (i==0) expired = 1;
- else return GNUTLS_CERT_NOT_TRUSTED;
+ else return GNUTLS_CERT_INVALID;
} else
- return GNUTLS_CERT_NOT_TRUSTED;
+ return GNUTLS_CERT_INVALID;
}
}
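Review bot: The nested `if (i==0) expired = 1; else return GNUTLS_CERT_INVALID;` sits unbraced inside a braced `if` whose own `else` is also unbraced, which makes it easy to attach a later statement to the wrong branch in a certificate-acceptance decision. Bracing both levels, `if (i == 0) { expired = 1; } else { return GNUTLS_CERT_INVALID; }`, would make this safer to edit. Separately, the outer `else` turns every non-expired failure into `GNUTLS_CERT_INVALID`, while the last hunk in this file returns `ret` unchanged for a non-trusted result. If the per-certificate check can report `GNUTLS_CERT_REVOKED` or `GNUTLS_CERT_CORRUPTED`, that reason is lost here. The enclosing loop and condition start outside the hunk, so this should be confirmed against the full function.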
@@ -361,7 +361,7 @@ int _gnutls_x509_verify_certificate( gnutls_cert * certificate_list,
* list is expired, then the certificate is not
* trusted.
*/
- return GNUTLS_CERT_NOT_TRUSTED;
+ return GNUTLS_CERT_INVALID;
} else
if (ret != GNUTLS_CERT_TRUSTED)
return ret;
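Review bot: The comment above the changed return still says "then the certificate is not trusted", although this commit replaces that status with `GNUTLS_CERT_INVALID` and rewords the matching comment in the previous hunk to "not valid". It should be updated the same way, for example `* list is expired, then the certificate is not valid.`. The condition guarding this return is outside the hunk. If it is the expired case, the comment should also say why the caller receives `GNUTLS_CERT_INVALID` rather than `GNUTLS_CERT_EXPIRED`.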