x509/name_constraints: documented return values and corrected return type

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
index 38805b6fe044a4f23e1e9d90ccc7682c18ef25c3..c4d78026feb000968e48e7f48c48e218f7829b5c 100644 (file)
--- a/lib/x509/name_constraints.c
+++ b/lib/x509/name_constraints.c
@@ -837,6 +837,9 @@ name_constraints_intersect_nodes(name_constraints_node_st * nc1,
        return GNUTLS_E_SUCCESS;
 }
 
+/*
+ * Returns: true if the certification is acceptable, and false otherwise.
+ */
 static
 unsigned check_unsupported_constraint(gnutls_x509_name_constraints_t nc,
                                                                          gnutls_x509_subject_alt_name_t type)
@@ -1054,10 +1057,13 @@ unsigned gnutls_x509_name_constraints_check(gnutls_x509_name_constraints_t nc,
 /* This function checks for unsupported constraints, that we also
  * know their structure. That is it will fail only if the constraint
  * is present in the CA, _and_ the name in the end certificate contains
- * the constrained element. */
-static int check_unsupported_constraint2(gnutls_x509_crt_t cert, 
-                                        gnutls_x509_name_constraints_t nc,
-                                        gnutls_x509_subject_alt_name_t type)
+ * the constrained element.
+ *
+ * Returns: true if the certification is acceptable, and false otherwise
+ */
+static unsigned check_unsupported_constraint2(gnutls_x509_crt_t cert, 
+                                             gnutls_x509_name_constraints_t nc,
+                                             gnutls_x509_subject_alt_name_t type)
 {
        unsigned idx, found_one;
        char name[MAX_CN];