Ensure verify error is set when X509_verify_cert() fails

Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot continue due to malloc failure. Also, when X509_verify_cert() returns <= 0 make sure that the verification status does not remain X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns an error without setting an appropriate value of ctx->error. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-05-17 13:40:57 -0400
committer: Viktor Dukhovni <openssl-users@dukhovni.org> 2016-05-18 15:16:37 -0400
commit: f3e235ed6faa82170d857fdec3287558eb906c58 (patch)
tree: 6be52b96d30e137d5c58eaa62264a67fd0b4ffdd /doc
parent: 5fba3912cc770bb035accb390653bda1a795f39e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod
index 6b4ff7e742..c7a7bb4b12 100644
--- a/doc/crypto/X509_verify_cert.pod
+++ b/doc/crypto/X509_verify_cert.pod
@@ -32,7 +32,7 @@ OpenSSL internally for certificate validation, in both the S/MIME and
 SSL/TLS code.
 
 A negative return value from X509_verify_cert() can occur if it is invoked
-incurrectly, such as with no certificate set in B<ctx>, or when it is called
+incorrectly, such as with no certificate set in B<ctx>, or when it is called
 twice in succession without reinitialising B<ctx> for the second call.
 A negative return value can also happen due to internal resource problems or if
 a retry operation is requested during internal lookups (which never happens
author	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-05-17 13:40:57 -0400
committer	Viktor Dukhovni <openssl-users@dukhovni.org>	2016-05-18 15:16:37 -0400
commit	f3e235ed6faa82170d857fdec3287558eb906c58 (patch)
tree	6be52b96d30e137d5c58eaa62264a67fd0b4ffdd /doc
parent	5fba3912cc770bb035accb390653bda1a795f39e (diff)