Fixed a bug in the return value of ssl_verify when pre_verify failed

author Adriaan de Jong <dejong@fox-it.com>

Wed, 3 Aug 2011 18:43:08 +0000 (20:43 +0200)

committer David Sommerseth <davids@redhat.com>

Sat, 22 Oct 2011 16:02:09 +0000 (18:02 +0200)
author Adriaan de Jong <dejong@fox-it.com>
Wed, 3 Aug 2011 18:43:08 +0000 (20:43 +0200)
committer David Sommerseth <davids@redhat.com>
Sat, 22 Oct 2011 16:02:09 +0000 (18:02 +0200)
diff --git a/ssl_verify_openssl.c b/ssl_verify_openssl.c

index a8e2e49b5f184fd4db01d0c2f058c301d92ae7b6..389641786b2e90fc59d5ed6c87906652839fd4f7 100644 (file)
--- a/ssl_verify_openssl.c
+++ b/ssl_verify_openssl.c
@@ -69,10 +69,12 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
  
        session->verified = false;
  
-      return 1;
+      return 0;
      }
  
-  return verify_cert(session, ctx->current_cert, ctx->error_depth);
+  if (SUCCESS == verify_cert(session, ctx->current_cert, ctx->error_depth))
+    return 1;
+  return 0;
  }
  
  #ifdef ENABLE_X509ALTUSERNAME
author	Adriaan de Jong <dejong@fox-it.com>
	Wed, 3 Aug 2011 18:43:08 +0000 (20:43 +0200)
committer	David Sommerseth <davids@redhat.com>
	Sat, 22 Oct 2011 16:02:09 +0000 (18:02 +0200)