x509: handle returns from X509_TRUST_get_by_id() more consistently

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17709)

(cherry picked from commit 7b3041eba1c6e177eede0d6311d53a6b9ff58051)

1 files changed, 4 insertions, 4 deletions

diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c
index 0888e16c15..fa30c738a7 100644
--- a/crypto/x509/x509_trust.c
+++ b/crypto/x509/x509_trust.c
@@ -72,7 +72,7 @@ int X509_check_trust(X509 *x, int id, int flags)
         return obj_trust(NID_anyExtendedKeyUsage, x,
                          flags | X509_TRUST_DO_SS_COMPAT);
     idx = X509_TRUST_get_by_id(id);
-    if (idx == -1)
+    if (idx < 0)
         return default_trust(id, x, flags);
     pt = X509_TRUST_get0(idx);
     return pt->check_trust(pt, x, flags);
@@ -112,7 +112,7 @@ int X509_TRUST_get_by_id(int id)
 
 int X509_TRUST_set(int *t, int trust)
 {
-    if (X509_TRUST_get_by_id(trust) == -1) {
+    if (X509_TRUST_get_by_id(trust) < 0) {
         ERR_raise(ERR_LIB_X509, X509_R_INVALID_TRUST);
         return 0;
     }
@@ -162,7 +162,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
     trtmp->arg2 = arg2;
 
     /* If its a new entry manage the dynamic table */
-    if (idx == -1) {
+    if (idx < 0) {
         if (trtable == NULL
             && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
             ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
@@ -175,7 +175,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
     }
     return 1;
  err:
-    if (idx == -1) {
+    if (idx < 0) {
         OPENSSL_free(trtmp->name);
         OPENSSL_free(trtmp);
     }