From: Joost Rijneveld Date: Wed, 28 Feb 2018 13:52:40 +0000 (+0100) Subject: Make return code external tls key match docs X-Git-Tag: v2.4.6~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1f342aad6a13aaae1cc54f632498e0646a1bfe1a;p=thirdparty%2Fopenvpn.git Make return code external tls key match docs In tls_ctx_use_external_private_key, the return codes were inverted compared to what is documented in ssl_backend.h (and what can reasonably be expected). Internally the return code is never checked, so this did not directly result in any change of behavior. Acked-by: Gert Doering Message-Id: <20180228135240.22945-1-joost@joostrijneveld.nl> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16577.html Signed-off-by: Gert Doering (cherry picked from commit 6bee1a1fc01f3d3ddf114b48e52e5b10d57033cb)
---
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index 74b4726d3..3f579e1e8 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -630,7 +630,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx,
 if (ctx->crt_chain == NULL) {
- return 0;
+ return 1;
 } ALLOC_OBJ_CLEAR(ctx->external_key, struct external_context);
@@ -640,10 +640,10 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx,
 if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ctx->priv_key, ctx->external_key, NULL, external_pkcs1_sign, external_key_len))) {
- return 0;
+ return 1;
 }
- return 1;
+ return 0;
 }
 #endif /* ifdef MANAGMENT_EXTERNAL_KEY */
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index f23d2461c..e57b6d2aa 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -1168,7 +1168,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx,
 X509_free(cert); RSA_free(rsa); /* doesn't necessarily free, just decrements refcount */
- return 1;
+ return 0;
 err: if (cert)
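Review bot: Both failure exits in the ssl_mbedtls.c version of tls_ctx_use_external_private_key (the `ctx->crt_chain == NULL` branch in the first hunk and the failed `mbedtls_pk_setup_rsa_alt` call in the second) now return 1 but still fail silently, and the commit description states that no caller checks the result. The ssl_openssl.c version raises `crypto_msg(M_FATAL, ...)` on its error path, so with mbed TLS a setup failure of the externally held key may go unnoticed until a signature is first needed. Either the call site should test the result, e.g. `if (tls_ctx_use_external_private_key(...) != 0) { msg(M_FATAL, "Cannot enable SSL external private key capability"); }`, or each failure branch should log before its `return 1;`. The function starts above the first hunk, so any earlier handling is not visible here.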
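Review bot: The success exit `return 0;` after `RSA_free(rsa);` in ssl_openssl.c carries no hint of the convention it follows, although it sits among OpenSSL calls that typically signal success with 1, and this commit exists because the two conventions were already mixed up once. A comment on both exits would make the contract visible where it is applied: `return 0; /* success; 1 = error, see ssl_backend.h */` here, and `return 1; /* error */` after `crypto_msg(M_FATAL, ...)` in the `err:` hunk that follows. That second comment could also state whether the `return 1;` is reachable at all after an M_FATAL message, which cannot be confirmed from these lines. The function starts outside the hunk.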
@@ -1187,7 +1187,7 @@ err:
 } } crypto_msg(M_FATAL, "Cannot enable SSL external private key capability");
- return 0;
+ return 1;
 }
 #endif /* ifdef MANAGMENT_EXTERNAL_KEY */