projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5fba391) | patch
Ensure verify error is set when X509_verify_cert() fails
authorViktor Dukhovni <openssl-users@dukhovni.org>
Tue, 17 May 2016 17:40:57 +0000 (13:40 -0400)
committerViktor Dukhovni <openssl-users@dukhovni.org>
Wed, 18 May 2016 19:16:37 +0000 (15:16 -0400)
commitf3e235ed6faa82170d857fdec3287558eb906c58
tree6be52b96d30e137d5c58eaa62264a67fd0b4ffddtree | snapshot
parent5fba3912cc770bb035accb390653bda1a795f39ecommit | diff
Ensure verify error is set when X509_verify_cert() fails

Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot
continue due to malloc failure.  Also, when X509_verify_cert()
returns <= 0 make sure that the verification status does not remain
X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED,
just in case some code path returns an error without setting an
appropriate value of ctx->error.

Reviewed-by: Richard Levitte <levitte@openssl.org>
crypto/x509/x509_txt.c diff | blob | history
crypto/x509/x509_vfy.c diff | blob | history
crypto/x509v3/v3_addr.c diff | blob | history
doc/crypto/X509_verify_cert.pod diff | blob | history
include/openssl/x509_vfy.h diff | blob | history
ssl/statem/statem_lib.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.