In tls_ctx_use_external_private_key, the return codes were inverted
compared to what is documented in ssl_backend.h (and what can
reasonably be expected). Internally the return code is never checked,
so this did not directly result in any change of behavior.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
20180228135240.22945-1-joost@joostrijneveld.nl>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16577.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit
6bee1a1fc01f3d3ddf114b48e52e5b10d57033cb)
if (ctx->crt_chain == NULL)
{
- return 0;
+ return 1;
}
ALLOC_OBJ_CLEAR(ctx->external_key, struct external_context);
if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ctx->priv_key, ctx->external_key,
NULL, external_pkcs1_sign, external_key_len)))
{
- return 0;
+ return 1;
}
- return 1;
+ return 0;
}
#endif /* ifdef MANAGMENT_EXTERNAL_KEY */
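Review bot: Both failure returns in this mbed TLS hunk (the `ctx->crt_chain == NULL` guard and the `mbedtls_pk_setup_rsa_alt` check) now return 1, but the commit message states that no caller checks the result. A failed external-key setup would therefore still pass unnoticed here, unless `mbed_ok` itself logs or aborts, which the hunk does not show. The OpenSSL counterpart in the last hunk calls `crypto_msg(M_FATAL, ...)` on its error path, so the two backends appear to fail with different severity. Either have the caller test the return value, or report the failure here as well, for example `msg(M_FATAL, "Cannot enable SSL external private key capability");` before each `return 1;`. The function body starts outside the hunk.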
X509_free(cert);
RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
- return 1;
+ return 0;
err:
if (cert)
}
}
crypto_msg(M_FATAL, "Cannot enable SSL external private key capability");
- return 0;
+ return 1;
}
#endif /* ifdef MANAGMENT_EXTERNAL_KEY */
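Review bot: The `return 1;` after `crypto_msg(M_FATAL, ...)` carries no comment, and it is presumably never reached if M_FATAL terminates the process. OpenSSL's own calls report success as 1, so a bare 0-on-success in this file is easy to misread, which is likely how the inversion got in. A short comment at the `err:` exit would pin the convention, e.g. `/* 1 = failure, 0 = success (see ssl_backend.h); not reached if M_FATAL aborts */`. The same one-line reminder fits next to the `return 0;` success path in the previous hunk. The function body starts outside this hunk.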