SSL server certificate validator implementation: Ssl::CertValidationMsg::parseRespons...

The parsed SSL errors returned by cert validator checking is wrong and causes
the Ssl::CertValidationMsg::parseResponse method to return false on valid
messages

diff --git a/src/ssl/cert_validate_message.cc b/src/ssl/cert_validate_message.cc
index ceee3014d25b435569af02a4946521b96518ac3a..1110982355f7c746f49f305505a900c88e784a09 100644 (file)
--- a/src/ssl/cert_validate_message.cc
+++ b/src/ssl/cert_validate_message.cc
@@ -132,7 +132,7 @@ Ssl::CertValidationMsg::parseResponse(CertValidationResponse &resp, STACK_OF(X50
     /*Run through parsed errors to check for errors*/
     typedef Ssl::CertValidationResponse::RecvdErrors::const_iterator SVCRECI;
     for (SVCRECI i = resp.errors.begin(); i != resp.errors.end(); ++i) {
-        if (i->error_no != SSL_ERROR_NONE) {
+        if (i->error_no == SSL_ERROR_NONE) {
             debugs(83, DBG_IMPORTANT, "WARNING: cert validator incomplete response: Missing error name from error_id: " << i->id);
             return false;
         }