Ensure verify error is set when X509_verify_cert() fails

Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot continue due to malloc failure. Also, when X509_verify_cert() returns <= 0 make sure that the verification status does not remain X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns an error without setting an appropriate value of ctx->error. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-05-17 13:40:57 -0400
committer: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-05-18 15:16:37 -0400
commit: f3e235ed6faa82170d857fdec3287558eb906c58 (patch)
tree: 6be52b96d30e137d5c58eaa62264a67fd0b4ffdd /crypto/x509/x509_txt.c
parent: 5fba3912cc770bb035accb390653bda1a795f39e (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 293efcfb8e..5341e79669 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -161,6 +161,10 @@ const char *X509_verify_cert_error_string(long n)
         return ("CA certificate key too weak");
     case X509_V_ERR_CA_MD_TOO_WEAK:
         return ("CA signature digest algorithm too weak");
+    case X509_V_ERR_INVALID_CALL:
+        return ("Invalid certificate verification context");
+    case X509_V_ERR_STORE_LOOKUP:
+        return ("Issuer certificate lookup error");
 
     default:
         /* Printing an error number into a static buffer is not thread-safe */
author	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-05-17 13:40:57 -0400
committer	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-05-18 15:16:37 -0400
commit	f3e235ed6faa82170d857fdec3287558eb906c58 (patch)
tree	6be52b96d30e137d5c58eaa62264a67fd0b4ffdd /crypto/x509/x509_txt.c
parent	5fba3912cc770bb035accb390653bda1a795f39e (diff)