ocsp_vfy.c (238405) | ocsp_vfy.c (246772) |
---|---|
1/* ocsp_vfy.c */ 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2000. 4 */ 5/* ==================================================================== 6 * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without --- 77 unchanged lines hidden (view full) --- 86 goto end; 87 } 88 if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) 89 flags |= OCSP_NOVERIFY; 90 if (!(flags & OCSP_NOSIGS)) 91 { 92 EVP_PKEY *skey; 93 skey = X509_get_pubkey(signer); | 1/* ocsp_vfy.c */ 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2000. 4 */ 5/* ==================================================================== 6 * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without --- 77 unchanged lines hidden (view full) --- 86 goto end; 87 } 88 if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) 89 flags |= OCSP_NOVERIFY; 90 if (!(flags & OCSP_NOSIGS)) 91 { 92 EVP_PKEY *skey; 93 skey = X509_get_pubkey(signer); |
94 ret = OCSP_BASICRESP_verify(bs, skey, 0); 95 EVP_PKEY_free(skey); 96 if(ret <= 0) | 94 if (skey) |
97 { | 95 { |
96 ret = OCSP_BASICRESP_verify(bs, skey, 0); 97 EVP_PKEY_free(skey); 98 } 99 if(!skey || ret <= 0) 100 { |
|
98 OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); 99 goto end; 100 } 101 } 102 if (!(flags & OCSP_NOVERIFY)) 103 { 104 int init_res; 105 if(flags & OCSP_NOCHAIN) 106 init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); 107 else 108 init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); 109 if(!init_res) 110 { | 101 OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); 102 goto end; 103 } 104 } 105 if (!(flags & OCSP_NOVERIFY)) 106 { 107 int init_res; 108 if(flags & OCSP_NOCHAIN) 109 init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); 110 else 111 init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); 112 if(!init_res) 113 { |
114 ret = -1; |
|
111 OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); 112 goto end; 113 } 114 115 X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); 116 ret = X509_verify_cert(&ctx); 117 chain = X509_STORE_CTX_get1_chain(&ctx); 118 X509_STORE_CTX_cleanup(&ctx); --- 328 unchanged lines hidden --- | 115 OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); 116 goto end; 117 } 118 119 X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); 120 ret = X509_verify_cert(&ctx); 121 chain = X509_STORE_CTX_get1_chain(&ctx); 122 X509_STORE_CTX_cleanup(&ctx); --- 328 unchanged lines hidden --- |