check against the success value

diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 1bb71a7ca70547d0ecc61c96cc02386d28ebb12a..096bf6267d66321dbc90c045a5ce078129ae38ae 100644 (file)
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -636,7 +636,7 @@ verify_crt(gnutls_x509_crt_t cert,
        if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
            ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
             || issuer_version != 1)) {
-               if (check_if_ca(cert, issuer, max_path, flags) == 0) {
+               if (check_if_ca(cert, issuer, max_path, flags) != 1) {
                        gnutls_assert();
                        out =
                            GNUTLS_CERT_SIGNER_NOT_CA |
@@ -888,7 +888,7 @@ _gnutls_x509_verify_certificate(const gnutls_x509_crt_t * certificate_list,
                                          trusted_cas, tcas_size, flags,
                                          &output, &issuer, now, &max_path,
                                          nc, func);
-       if (ret == 0) {
+       if (ret != 1) {
                /* if the last certificate in the certificate
                 * list is invalid, then the certificate is not
                 * trusted.
@@ -916,7 +916,7 @@ _gnutls_x509_verify_certificate(const gnutls_x509_crt_t * certificate_list,
                     verify_crt(certificate_list[i - 1],
                                                 &certificate_list[i], 1,
                                                 flags, &output, NULL, now,
-                                                &max_path, nc, func)) == 0) {
+                                                &max_path, nc, func)) != 1) {
                        status |= output;
                        status |= GNUTLS_CERT_INVALID;
                        goto cleanup;