CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2020/11/03 11:39:18
Modified files:
usr.bin/openssl: verify.c
Log message:
X509_verify_cert()'s return value is not reliable if the callback
returns 1. verify.c's cb() ignores a bunch of things to display as
much info as possible. Thus, check the error code on the store ctx
as well, similar to OpenSSL commit d9e309a6 (old licence).
This makes openssl verify error on expired certs, at least with the
legacy verify code.
While here, fix a number of style issues, simplify and plug a leak.
ok inoguchi
