authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-02-19 11:10:26 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2014-02-27 19:37:13 +0100
commit45ff214ae756fc049ebefc2e0fec9e9575cf8eb0 (patch)
tree05bffc5f6c783ff6451e565bd55ce5d3dc0978e1
parentb1539b487e0e6d154f8f4a8b0a223e31f8e400fc (diff)
downloadgnutls-45ff214ae756fc049ebefc2e0fec9e9575cf8eb0.tar.gz
corrected return codes.
-rw-r--r--lib/x509/verify.c22
1 files changed, 14 insertions, 8 deletions
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 86a901eced..d3f349b9a4 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -106,7 +106,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
result =
@@ -115,7 +115,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
result =
@@ -123,7 +123,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
result =
@@ -131,7 +131,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
if (result < 0)
{
gnutls_assert ();
- goto cleanup;
+ goto fail;
}
/* If the subject certificate is the same as the issuer
@@ -183,6 +183,7 @@ check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
else
gnutls_assert ();
+fail:
result = 0;
cleanup:
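Review bot: The new `fail:` label in check_if_ca is reached both by the four error jumps above (the hunks at -106, -115, -123 and -131) and by plain fall-through from the `else gnutls_assert ();` branch, yet nothing in the visible lines states that the function's result is strictly 1 or 0. A comment on the label would pin that contract for the next editor, for example `/* every error and every "not a CA" outcome lands here: report 0, never a negative code */`. The function's header comment should state the same return values, since the caller's test depends on them. check_if_ca starts and ends outside these hunks, so that header is not visible here.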
@@ -408,14 +409,15 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
if (issuer_version < 0)
{
gnutls_assert ();
- return issuer_version;
+ result = 0;
+ goto cleanup;
}
if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
|| issuer_version != 1))
{
- if (check_if_ca (cert, issuer, max_path, flags) == 0)
+ if (check_if_ca (cert, issuer, max_path, flags) != 1)
{
gnutls_assert ();
out = GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
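Review bot: In the `issuer_version < 0` branch the early `return issuer_version;` is now `goto cleanup;`, so the cleanup block runs on a path that used to skip it. The cleanup label and the declarations it touches are outside this hunk; if it releases buffers that are only filled in later, confirm they are initialised at declaration. The same branch returns 0 with no visible assignment to `out`, so a caller that reads only the output flags may see no GNUTLS_CERT_INVALID bit. Setting `out = GNUTLS_CERT_INVALID;` before the jump would keep the return value and the status flags in agreement, assuming `out` is copied to `*output` elsewhere in the function.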
@@ -446,6 +448,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
if (result < 0)
{
gnutls_assert ();
+ result = 0;
goto cleanup;
}
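Review bot: `result = 0;` is repeated by hand before `goto cleanup;` here and in the three following hunks (-454, -461 and -481), which differs in style from check_if_ca in the same commit, where a single `fail:` label performs the reset. A later error branch that forgets the assignment would again hand a negative value to callers. If the cleanup label of _gnutls_verify_certificate2 (not visible here) permits it, a shared `fail:` label holding `result = 0;` directly before `cleanup:`, with `goto fail;` at each site, would make the fail-closed result structural rather than per-branch.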
@@ -454,6 +457,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
if (result < 0)
{
gnutls_assert ();
+ result = 0;
goto cleanup;
}
@@ -461,6 +465,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
if (result < 0)
{
gnutls_assert ();
+ result = 0;
goto cleanup;
}
@@ -481,6 +486,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
else if (result < 0)
{
gnutls_assert();
+ result = 0;
goto cleanup;
}
@@ -650,7 +656,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
trusted_cas, tcas_size, flags, &output,
&issuer, now, &max_path, func);
- if (ret == 0)
+ if (ret != 1)
{
/* if the last certificate in the certificate
* list is invalid, then the certificate is not
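Review bot: The comparison `ret != 1` here and in the chain loop of the next hunk now treats every value other than 1 as a verification failure, but the diffstat shows only lib/x509/verify.c changed, so no test pins this behaviour. A regression test that drives one of the internal calls into its error branch and asserts that the reported status contains GNUTLS_CERT_INVALID would guard against a later change back to `== 0`. A short comment at the call, e.g. `/* anything other than 1, including a negative error code, means not verified */`, would also record why the check is not written as a test for zero.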
@@ -681,7 +687,7 @@ _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
if ((ret =
_gnutls_verify_certificate2 (certificate_list[i - 1],
&certificate_list[i], 1, flags,
- &output, NULL, now, &max_path, func)) == 0)
+ &output, NULL, now, &max_path, func)) != 1)
{
status |= output;
status |= GNUTLS_CERT_INVALID;