author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-05-17 13:40:57 -0400 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-05-18 15:16:37 -0400 |
commit | f3e235ed6faa82170d857fdec3287558eb906c58 (patch) | |
tree | 6be52b96d30e137d5c58eaa62264a67fd0b4ffdd /doc | |
parent | 5fba3912cc770bb035accb390653bda1a795f39e (diff) |
Ensure verify error is set when X509_verify_cert() fails
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verification cannot
continue due to malloc failure. Also, when X509_verify_cert()
returns <= 0 make sure that the verification status does not remain
X509_V_OK, as a last resort set it to X509_V_ERR_UNSPECIFIED,
just in case some code path returns an error without setting an
appropriate value of ctx->error.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/crypto/X509_verify_cert.pod | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod index 6b4ff7e742..c7a7bb4b12 100644 --- a/doc/crypto/X509_verify_cert.pod +++ b/doc/crypto/X509_verify_cert.pod @@ -32,7 +32,7 @@ OpenSSL internally for certificate validation, in both the S/MIME and SSL/TLS code. A negative return value from X509_verify_cert() can occur if it is invoked -incurrectly, such as with no certificate set in B<ctx>, or when it is called +incorrectly, such as with no certificate set in B<ctx>, or when it is called twice in succession without reinitialising B<ctx> for the second call. A negative return value can also happen due to internal resource problems or if a retry operation is requested during internal lookups (which never happens |
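Review bot: the negative-return paragraph in doc/crypto/X509_verify_cert.pod receives only the spelling fix ("incurrectly" to "incorrectly"), so the behaviour described in the commit message is left undocumented. The context line "A negative return value can also happen due to internal resource problems" is the natural place to state that ctx->error is then set to X509_V_ERR_OUT_OF_MEM, and that whenever X509_verify_cert() returns <= 0 the verification status does not remain X509_V_OK, with X509_V_ERR_UNSPECIFIED used as a last resort. Callers that read the verification error after a failed call depend on that guarantee, so it should be spelled out in the pod. The diff shown here is limited to 'doc', so the code side of the change cannot be reviewed from this page.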