Make the necessary changes to work with the recent "ex_data" overhaul.

See the commit log message for that for more information. NB: X509_STORE_CTX's use of "ex_data" support was actually misimplemented (initialisation by "memset" won't/can't/doesn't work). This fixes that but requires that X509_STORE_CTX_init() be able to handle errors - so its prototype has been changed to return 'int' rather than 'void'. All uses of that function throughout the source code have been tracked down and adjusted.
author: Geoff Thorpe <geoff@openssl.org> 2001-09-01 20:02:13 +0000
committer: Geoff Thorpe <geoff@openssl.org> 2001-09-01 20:02:13 +0000
commit: 79aa04ef27f69a1149d4d0e72d2d2953b6241ef0 (patch)
tree: 28eb317ea6bcd7f391cffe2fe694e92224ce1ff8 /ssl/ssl_cert.c
parent: 3a0799977bcb154d044828e96a25a01eb478de51 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index ab2e00969a..fcd6ff90b6 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -455,7 +455,11 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 		return(0);
 
 	x=sk_X509_value(sk,0);
-	X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
+	if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
+		{
+		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
+		return(0);
+		}
 	if (SSL_get_verify_depth(s) >= 0)
 		X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
 	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
author	Geoff Thorpe <geoff@openssl.org>	2001-09-01 20:02:13 +0000
committer	Geoff Thorpe <geoff@openssl.org>	2001-09-01 20:02:13 +0000
commit	79aa04ef27f69a1149d4d0e72d2d2953b6241ef0 (patch)
tree	28eb317ea6bcd7f391cffe2fe694e92224ce1ff8 /ssl/ssl_cert.c
parent	3a0799977bcb154d044828e96a25a01eb478de51 (diff)