From: Joost Rijneveld Date: Wed, 28 Feb 2018 13:52:40 +0000 (+0100) Subject: Make return code external tls key match docs X-Git-Tag: v2.5_beta1~489 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6bee1a1fc01f3d3ddf114b48e52e5b10d57033cb;p=thirdparty%2Fopenvpn.git Make return code external tls key match docs In tls_ctx_use_external_private_key, the return codes were inverted compared to what is documented in ssl_backend.h (and what can reasonably be expected). Internally the return code is never checked, so this did not directly result in any change of behavior. Acked-by: Gert Doering Message-Id: <20180228135240.22945-1-joost@joostrijneveld.nl> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16577.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 3906cd55f..8e31980a3 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -630,7 +630,7 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, if (ctx->crt_chain == NULL) { - return 0; + return 1; } ALLOC_OBJ_CLEAR(ctx->external_key, struct external_context); @@ -640,10 +640,10 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, if (!mbed_ok(mbedtls_pk_setup_rsa_alt(ctx->priv_key, ctx->external_key, NULL, external_pkcs1_sign, external_key_len))) { - return 0; + return 1; } - return 1; + return 0; } #endif /* ifdef MANAGMENT_EXTERNAL_KEY */ diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index d91458b0c..8ef68ebd7 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -1327,11 +1327,11 @@ tls_ctx_use_external_private_key(struct tls_root_ctx *ctx, goto err; } #endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev */ - return 1; + return 0; err: crypto_msg(M_FATAL, "Cannot enable SSL external private key capability"); - return 0; + return 1; } #endif /* ifdef MANAGMENT_EXTERNAL_KEY */