]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: aed4d5b) | patch
Ensure verify error is set when X509_verify_cert() fails
authorViktor Dukhovni <openssl-users@dukhovni.org>
Tue, 17 May 2016 22:25:40 +0000 (18:25 -0400)
committerViktor Dukhovni <openssl-users@dukhovni.org>
Thu, 26 May 2016 20:36:49 +0000 (16:36 -0400)
commit3d4f83a5c4c0278ae136e70cdf0799d25f01cde3
tree6715619f3db750053a5516dfdeb2a3dfaa95f168tree | snapshot
parentaed4d5b7cb156a0fe66687f941a1aa79bf75efd1commit | diff
Ensure verify error is set when X509_verify_cert() fails

Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot
continue due to malloc failure.  Similarly for issuer lookup failures
and caller errors (bad parameters or invalid state).

Also, when X509_verify_cert() returns <= 0 make sure that the
verification status does not remain X509_V_OK, as a last resort set
it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns
an error without setting an appropriate value of ctx->error.

Add new and some missing error codes to X509 error -> SSL alert switch.

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/x509/x509_txt.c diff | blob | blame | history
crypto/x509/x509_vfy.c diff | blob | blame | history
crypto/x509/x509_vfy.h diff | blob | blame | history
crypto/x509v3/v3_addr.c diff | blob | blame | history
ssl/s3_both.c diff | blob | blame | history
A mirror of the official openssl repository