X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Focsp%2Focsp_vfy.c;h=1f5fda7ca3100e4d90260bb850b5a5fdd994065c;hb=cdb42bcf0cbd5e7625ebab7c3df7caf8eb94764d;hp=da4c5b20a5b87c1bd9a5c8d328ecc24e707cb5ce;hpb=fafc7f987563ee2ea199ef27608f5a25a7cbe253;p=oweals%2Fopenssl.git
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index da4c5b20a5..1f5fda7ca3 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -101,10 +101,16 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
 }
 if (!(flags & OCSP_NOVERIFY))
 {
+ int init_res;
 if(flags & OCSP_NOCHAIN)
- X509_STORE_CTX_init(&ctx, st, signer, NULL);
+ init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
 else
- X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ if(!init_res)
+ {
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
+ goto end;
+ }
 X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
 ret = X509_verify_cert(&ctx);
@@ -144,7 +150,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
 }
 ret = 1;
 }
-
+
 end:
@@ -305,7 +311,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
 if ((cid->issuerNameHash->length != mdlen) ||
 (cid->issuerKeyHash->length != mdlen))
 return 0;
- iname = X509_get_issuer_name(cert);
+ iname = X509_get_subject_name(cert);
 if (!X509_NAME_digest(iname, dgst, md, NULL))
 return -1;
 if (memcmp(md, cid->issuerNameHash->data, mdlen))
@@ -344,7 +350,7 @@ static int ocsp_check_delegated(X509 *x, int flags)
 }
 /* Verify an OCSP request. This is fortunately much easier than OCSP
- * request verify. Just find the signers certificate and verify it
+ * response verify. Just find the signers certificate and verify it
 * against a given trust value.
 */
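Review bot: The new `if(!init_res)` branch in OCSP_basic_verify (first hunk) jumps to `end` without assigning `ret`, so the function returns whatever `ret` held before the chain check. The code that sets `ret` earlier is outside the hunk, but if it still holds a positive value from the signer lookup or signature check, a failed `X509_STORE_CTX_init` would reach the caller as a successful verification with no chain validation performed. Set a non-success result explicitly before the jump, for example `ret = -1;` ahead of `OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);`. The function body starts and ends outside the hunk.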
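Review bot: In ocsp_match_issuerid (third hunk) the local is still named `iname` although it now holds the subject name of `cert`, and nothing on the changed line says why the subject is the right input for `issuerNameHash`. A comment would guard against a later "correction" back to the issuer name, for example `/* cert is the candidate issuer: CertID.issuerNameHash covers its subject name */`, assuming `cert` is indeed the candidate issuer as the function name suggests. Because this changes which certificates match a CertID, a regression test using an issuer whose subject and issuer names differ would be worth adding. The function starts and ends outside the hunk.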
@@ -389,10 +395,17 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *st
 }
 if (!(flags & OCSP_NOVERIFY))
 {
+ int init_res;
 if(flags & OCSP_NOCHAIN)
- X509_STORE_CTX_init(&ctx, store, signer, NULL);
+ init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
 else
- X509_STORE_CTX_init(&ctx, store, signer, req->optionalSignature->certs);
+ init_res = X509_STORE_CTX_init(&ctx, store, signer,
+ req->optionalSignature->certs);
+ if(!init_res)
+ {
+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);
+ return 0;
+ }
 X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
 X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
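Review bot: The two calls that follow the new check in OCSP_request_verify, `X509_STORE_CTX_set_purpose` and `X509_STORE_CTX_set_trust`, also return 0 on failure and are still unchecked. With the constant ids passed here a failure is unlikely, but if one did fail the chain would be verified without the OCSP purpose or trust setting applied. Consider guarding them with `if(!X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER) || !X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST))`, reporting the same error and releasing `ctx` before returning, since it is initialised by that point. The rest of the function is outside the hunk.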