From: Dr. Stephen Henson Date: Fri, 22 Sep 2000 21:32:08 +0000 (+0000) Subject: Only use the new informational verify codes if we X-Git-Tag: OpenSSL-engine-0_9_6~2^2~8 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=dbba890cf11f5ec1e44166a51e0a4062ccdc5279;p=oweals%2Fopenssl.git Only use the new informational verify codes if we specifically ask for them. Fix typo in docs. --- diff --git a/CHANGES b/CHANGES index 7645d6f5f9..26fb7f8a89 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Changes between 0.9.5a and 0.9.6 [xx XXX 2000] + *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is + not set then we don't setup the error code for issuer check errors + to avoid possibly overwriting other errors which the callback does + handle. If an application does set the flag then we assume it knows + what it is doing and can handle the new informational codes + appropriately. + [Steve Henson] + *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for a general "ANY" type, as such it should be able to decode anything including tagged types. However it didn't check the class so it would diff --git a/NEWS b/NEWS index 674703e80c..ce1ba34436 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,7 @@ o MD4 now included. o Bugfix for SSL rollback padding check. o Support for external crypto device[1]. + o Enhanced EVP interafce. [1] The support for external crypto devices is currently a separate distribution. See the file README.ENGINE. diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index db62c9f6a3..0f4110cc64 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -339,16 +339,15 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) ret = X509_check_issued(issuer, x); if (ret == X509_V_OK) return 1; - else - { - ctx->error = ret; - ctx->current_cert = x; - ctx->current_issuer = issuer; - if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb) - return ctx->verify_cb(0, ctx); - else - return 0; - } + /* If we haven't asked for issuer errors don't set ctx */ + if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK)) + return 0; + + ctx->error = ret; + ctx->current_cert = x; + ctx->current_issuer = issuer; + if (ctx->verify_cb) + return ctx->verify_cb(0, ctx); return 0; } diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index 4ab53322c5..ce99b5c345 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -325,7 +325,7 @@ Send encrypted mail using triple DES: Sign and encrypt mail: openssl smime -sign -in ml.txt -signer my.pem -text \ - | openssl -encrypt -out mail.msg \ + | openssl smime -encrypt -out mail.msg \ -from steve@openssl.org -to someone@somewhere \ -subject "Signed and Encrypted message" -des3 user.pem