Fix strange formatting by indent

[oweals/openssl.git] / crypto / x509 / x509_vfy.c

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index b85456e65bc6aeb89b792c12ef5daf78f1f5452b..55debad478023b605645d39b30ef5a5998d068b1 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -97,7 +97,6 @@ static int x509_subject_cmp(X509 **a, X509 **b)
 int X509_verify_cert(X509_STORE_CTX *ctx)
        {
        X509 *x,*xtmp,*chain_ss=NULL;
-       X509_NAME *xn;
        int bad_chain = 0;
        X509_VERIFY_PARAM *param = ctx->param;
        int depth,i,ok=0;
@@ -149,7 +148,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                                         */
 
                /* If we are self signed, we break */
-               xn=X509_get_issuer_name(x);
                if (ctx->check_issued(ctx, x,x)) break;
 
                /* If we were passed a cert chain, use it first */
@@ -186,7 +184,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 
        i=sk_X509_num(ctx->chain);
        x=sk_X509_value(ctx->chain,i-1);
-       xn = X509_get_subject_name(x);
        if (ctx->check_issued(ctx, x, x))
                {
                /* we have a self signed certificate */
@@ -235,7 +232,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                if (depth < num) break;
 
                /* If we are self signed, we break */
-               xn=X509_get_issuer_name(x);
                if (ctx->check_issued(ctx,x,x)) break;
 
                ok = ctx->get_issuer(&xtmp, ctx, x);
@@ -254,7 +250,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                }
 
        /* we now have our chain, lets check it... */
-       xn=X509_get_issuer_name(x);
 
        /* Is last certificate looked up self signed? */
        if (!ctx->check_issued(ctx,x,x))
@@ -402,14 +397,15 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
        cb=ctx->verify_cb;
 
-       /* must_be_ca can have 1 of 3 values:
-          -1: we accept both CA and non-CA certificates, to allow direct
-              use of self-signed certificates (which are marked as CA).
-          0:  we only accept non-CA certificates.  This is currently not
-              used, but the possibility is present for future extensions.
-          1:  we only accept CA certificates.  This is currently used for
-              all certificates in the chain except the leaf certificate.
-       */
+       /*-
+        *  must_be_ca can have 1 of 3 values:
+        * -1: we accept both CA and non-CA certificates, to allow direct
+        *     use of self-signed certificates (which are marked as CA).
+        * 0:  we only accept non-CA certificates.  This is currently not
+        *     used, but the possibility is present for future extensions.
+        * 1:  we only accept CA certificates.  This is currently used for
+        *     all certificates in the chain except the leaf certificate.
+        */
        must_be_ca = -1;
 
        /* A hack to keep people who don't want to modify their software
@@ -1102,7 +1098,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
        atm.length=sizeof(buff2);
        atm.data=(unsigned char *)buff2;
 
-       if (X509_time_adj(&atm,-offset*60, cmp_time) == NULL)
+       if (X509_time_adj(&atm, offset*60, cmp_time) == NULL)
                return 0;
 
        if (ctm->type == V_ASN1_UTCTIME)
@@ -1380,7 +1376,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        if (store)
                ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
        else
-               ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
+               ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
 
        if (store)
                {