X509_check_mumble() failure is <= 0, not just 0

author Viktor Dukhovni <openssl-users@dukhovni.org>

Mon, 23 Jun 2014 00:14:53 +0000 (20:14 -0400)

committer Dr. Stephen Henson <steve@openssl.org>

Wed, 25 Jun 2014 17:21:36 +0000 (18:21 +0100)
author Viktor Dukhovni <openssl-users@dukhovni.org>
Mon, 23 Jun 2014 00:14:53 +0000 (20:14 -0400)
committer Dr. Stephen Henson <steve@openssl.org>
Wed, 25 Jun 2014 17:21:36 +0000 (18:21 +0100)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c

index acfe10bd04b53591d91d13bc92ed5364ef3b0913..3799036a6eb6dfc84015553ba260213346582332 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -724,17 +724,17 @@ static int check_id(X509_STORE_CTX *ctx)
         X509_VERIFY_PARAM *vpm = ctx->param;
         X509_VERIFY_PARAM_ID *id = vpm->id;
         X509 *x = ctx->cert;
-       if (id->host && !X509_check_host(x, id->host, 0, id->hostflags))
+       if (id->host && X509_check_host(x, id->host, 0, id->hostflags) <= 0)
                 {
                 if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
                         return 0;
                 }
-       if (id->email && !X509_check_email(x, id->email, id->emaillen, 0))
+       if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0)
                 {
                 if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
                         return 0;
                 }
-       if (id->ip && !X509_check_ip(x, id->ip, id->iplen, 0))
+       if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0)
                 {
                 if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
                         return 0;
author	Viktor Dukhovni <openssl-users@dukhovni.org>
	Mon, 23 Jun 2014 00:14:53 +0000 (20:14 -0400)
committer	Dr. Stephen Henson <steve@openssl.org>
	Wed, 25 Jun 2014 17:21:36 +0000 (18:21 +0100)