From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Fri, 7 Dec 2012 14:00:13 +0000 (+0200)
Subject: SSL server certificate validator implementation: Ssl::CertValidationMsg::parseRespons... 
X-Git-Tag: SQUID_3_4_0_1~454
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=46901eed7c0a8de80bbddeee254af24ec4d14183;p=thirdparty%2Fsquid.git

SSL server certificate validator implementation: Ssl::CertValidationMsg::parseResponse fix

The parsed SSL errors returned by cert validator checking is wrong and causes
the Ssl::CertValidationMsg::parseResponse method to return false on valid
messages
---

diff --git a/src/ssl/cert_validate_message.cc b/src/ssl/cert_validate_message.cc
index ceee3014d2..1110982355 100644
--- a/src/ssl/cert_validate_message.cc
+++ b/src/ssl/cert_validate_message.cc
@@ -132,7 +132,7 @@ Ssl::CertValidationMsg::parseResponse(CertValidationResponse &resp, STACK_OF(X50
     /*Run through parsed errors to check for errors*/
     typedef Ssl::CertValidationResponse::RecvdErrors::const_iterator SVCRECI;
     for (SVCRECI i = resp.errors.begin(); i != resp.errors.end(); ++i) {
-        if (i->error_no != SSL_ERROR_NONE) {
+        if (i->error_no == SSL_ERROR_NONE) {
             debugs(83, DBG_IMPORTANT, "WARNING: cert validator incomplete response: Missing error name from error_id: " << i->id);
             return false;
         }