CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2020/11/03 11:39:18
Modified files: usr.bin/openssl: verify.c Log message: X509_verify_cert()'s return value is not reliable if the callback returns 1. verify.c's cb() ignores a bunch of things to display as much info as possible. Thus, check the error code on the store ctx as well, similar to OpenSSL commit d9e309a6 (old licence). This makes openssl verify error on expired certs, at least with the legacy verify code. While here, fix a number of style issues, simplify and plug a leak. ok inoguchi