From: Adriaan de Jong <dejong@fox-it.com>
Date: Wed, 3 Aug 2011 18:43:08 +0000 (+0200)
Subject: Fixed a bug in the return value of ssl_verify when pre_verify failed
X-Git-Tag: v2.3-alpha1~82
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4ce976fb280fc279fc2f9e6478ca55716cf3d081;p=thirdparty%2Fopenvpn.git

Fixed a bug in the return value of ssl_verify when pre_verify failed

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
---

diff --git a/ssl_verify_openssl.c b/ssl_verify_openssl.c
index a8e2e49b5..389641786 100644
--- a/ssl_verify_openssl.c
+++ b/ssl_verify_openssl.c
@@ -69,10 +69,12 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
 
       session->verified = false;
 
-      return 1;
+      return 0;
     }
 
-  return verify_cert(session, ctx->current_cert, ctx->error_depth);
+  if (SUCCESS == verify_cert(session, ctx->current_cert, ctx->error_depth))
+    return 1;
+  return 0;
 }
 
 #ifdef ENABLE_X509ALTUSERNAME