From 78f3a2aad79b25fc25498f5afa6ca0bbe01bf863 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bodo=20M=C3=B6ller?= Date: Sun, 28 Jan 2001 14:38:11 +0000 Subject: [PATCH] Comment and indentation --- crypto/x509/x509_trs.c | 8 ++++---- crypto/x509/x509_vfy.c | 7 +++++++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 0de252c65d..7a41bc2d82 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -99,10 +99,10 @@ static int tr_cmp(const X509_TRUST * const *a, int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) { -int (*oldtrust)(int , X509 *, int); -oldtrust = default_trust; -default_trust = trust; -return oldtrust; + int (*oldtrust)(int , X509 *, int); + oldtrust = default_trust; + default_trust = trust; + return oldtrust; } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 73eecd6ee4..5d88efd4a0 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -488,6 +488,13 @@ static int internal_verify(X509_STORE_CTX *ctx) if (!ok) goto end; } if (X509_verify(xs,pkey) <= 0) + /* XXX For the final trusted self-signed cert, + * this is a waste of time. That check should + * optional so that e.g. 'openssl x509' can be + * used to detect invalid self-signatures, but + * we don't verify again and again in SSL + * handshakes and the like once the cert has + * been declared trusted. */ { ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->current_cert=xs; -- 2.39.2