From e34e91d7e575a2f69119601f2d34655cb6816148 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb"
Date: Thu, 4 Mar 2021 21:18:45 +0100
Subject: danetest.c: Improve code formatting
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/14422)
---
 doc/man3/X509_STORE_set_verify_cb_func.pod | 26 +++++++++++++-------------
 test/danetest.c | 20 +++++++++-----------
 2 files changed, 22 insertions(+), 24 deletions(-)
diff --git a/doc/man3/X509_STORE_set_verify_cb_func.pod b/doc/man3/X509_STORE_set_verify_cb_func.pod
index 00b2270b59..5e59cbe5cc 100644
--- a/doc/man3/X509_STORE_set_verify_cb_func.pod
+++ b/doc/man3/X509_STORE_set_verify_cb_func.pod
@@ -122,14 +122,14 @@ X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn
 =head1 DESCRIPTION
-X509_STORE_set_verify_cb() sets the verification callback of B to
-B overwriting the previous callback.
+X509_STORE_set_verify_cb() sets the verification callback of I to
+I overwriting the previous callback.
 The callback assigned with this function becomes a default for the one that can be assigned directly to the corresponding B, please see L for further information. X509_STORE_set_verify() sets the final chain verification function for
-B to B.
+I to I.
 Its purpose is to go through the chain of certificates and check that all signatures are valid and that the current time is within the limits of each certificate's first and last validity time.
@@ -145,17 +145,17 @@ or at least the most recently expired match if there is no currently valid one. If the function returns 1 the caller is responsible for freeing I<*issuer>. X509_STORE_set_get_issuer() sets the function I
-to get the "best" candidate issuer certificate of the given certificate B.
+to get the "best" candidate issuer certificate of the given certificate I.
 When such a certificate is found, I must up-ref and assign it
-to B<*issuer> and then return 1.
+to I<*issuer> and then return 1.
 Otherwise I must return 0 if not found and -1 (or 0) on failure. If X509_STORE_set_get_issuer() is not used or I is NULL then X509_STORE_CTX_get1_issuer() is used as the default implementation. X509_STORE_set_check_issued() sets the function to check that a given
-certificate B is issued by the issuer certificate B.
-This function must return 0 on failure (among others if B hasn't
-been issued with B) and 1 on success.
+certificate I is issued by the issuer certificate I.
+This function must return 0 on failure (among others if I hasn't
+been issued with I) and 1 on success.
 I
@@ -168,20 +168,20 @@ I X509_STORE_set_get_crl() sets the function to get the crl for a given
-certificate B.
-When found, the crl must be assigned to B<*crl>.
+certificate I.
+When found, the crl must be assigned to I<*crl>.
 This function must return 0 on failure and 1 on success. I X509_STORE_set_check_crl() sets the function to check the validity of
-the given B.
+the given I.
 This function must return 0 on failure and 1 on success. I X509_STORE_set_cert_crl() sets the function to check the revocation
-status of the given certificate B against the given B.
+status of the given certificate I against the given I.
 This function must return 0 on failure and 1 on success. I
@@ -194,7 +194,7 @@ function will be used instead.> X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the functions to look up all the certs or all the CRLs that match the
-given name B.
+given name I.
 These functions return NULL on failure and a pointer to a stack of certificates (B) or to a stack of CRLs (B) on success.
diff --git a/test/danetest.c b/test/danetest.c
index 7d4b0c88a7..6217e5470d 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -20,7 +20,7 @@
 #include
 #include
 #ifndef OPENSSL_NO_ENGINE
-#include
+# include
 #endif
 #include "testutil.h"
@@ -68,10 +68,10 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
 ssl))) goto end;
- X509_STORE_CTX_set_default(store_ctx,
- SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
+ X509_STORE_CTX_set_default(store_ctx, SSL_is_server(ssl)
+ ? "ssl_client" : "ssl_server");
 X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
- SSL_get0_param(ssl));
+ SSL_get0_param(ssl));
 store_ctx_dane_init(store_ctx, ssl); if (SSL_get_verify_callback(ssl) != NULL)
@@ -95,7 +95,7 @@ static STACK_OF(X509) *load_chain(BIO *fp, int nelem)
 char *header = 0; unsigned char *data = 0; long len;
- char *errtype = 0; /* if error: cert or pkey? */
+ char *errtype = 0; /* if error: cert or pkey? */
 STACK_OF(X509) *chain; typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
@@ -107,8 +107,8 @@ static STACK_OF(X509) *load_chain(BIO *fp, int nelem)
 && PEM_read_bio(fp, &name, &header, &data, &len) == 1; ++count) { if (strcmp(name, PEM_STRING_X509) == 0
- || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
- || strcmp(name, PEM_STRING_X509_OLD) == 0) {
+ || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
+ || strcmp(name, PEM_STRING_X509_OLD) == 0) {
 d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) != 0 ? d2i_X509_AUX : d2i_X509; X509 *cert;
@@ -391,10 +391,8 @@ static int run_tlsatest(void)
 || !TEST_ptr(ctx = SSL_CTX_new(TLS_client_method())) || !TEST_int_gt(SSL_CTX_dane_enable(ctx), 0) || !TEST_true(SSL_CTX_load_verify_file(ctx, CAfile))
- || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1),
- 0)
- || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2),
- 0)
+ || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1), 0)
+ || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2), 0)
 || !TEST_int_gt(test_tlsafile(ctx, basedomain, f, tlsafile), 0)) goto end; ret = 1;
--
cgit v1.2.3