From 0c6323cd07364b6b3be5bd0d12b18554a073a079 Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan.karger@fox-it.com>
Date: Wed, 29 Aug 2018 14:04:46 +0200
Subject: [PATCH] mbedtls: print warning if random personalisation fails

... instead of when it doesn't fail.  Looks like 'someone' mixed up the
mbedtls return style (0 means success) with the openvpn internal return
style (true means success).

Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <1535544286-29638-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17428.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit dd1da0e485a3d161feb5230b6aa57df11ea72705)
---
 src/openvpn/ssl_mbedtls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index 3f579e1e8..66e529fa8 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -853,7 +853,7 @@ tls_ctx_personalise_random(struct tls_root_ctx *ctx)
         const md_kt_t *sha256_kt = md_kt_get("SHA256");
         mbedtls_x509_crt *cert = ctx->crt_chain;
 
-        if (0 != md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
+        if (!md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
         {
             msg(M_WARN, "WARNING: failed to personalise random");
         }
-- 
2.47.2