summaryrefslogtreecommitdiffstats
path: root/src/crypto/x509/x509_vfy.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/crypto/x509/x509_vfy.c')
-rw-r--r--src/crypto/x509/x509_vfy.c40
1 files changed, 17 insertions, 23 deletions
diff --git a/src/crypto/x509/x509_vfy.c b/src/crypto/x509/x509_vfy.c
index 695793e..c62a6f5 100644
--- a/src/crypto/x509/x509_vfy.c
+++ b/src/crypto/x509/x509_vfy.c
@@ -141,7 +141,6 @@ static int check_crl_chain(X509_STORE_CTX *ctx,
STACK_OF(X509) *crl_path);
static int internal_verify(X509_STORE_CTX *ctx);
-const char X509_version[]="X.509";
static int null_callback(int ok, X509_STORE_CTX *e)
@@ -205,22 +204,26 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
return -1;
}
+ if (ctx->chain != NULL)
+ {
+ /* This X509_STORE_CTX has already been used to verify a
+ * cert. We cannot do another one. */
+ OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
cb=ctx->verify_cb;
/* first we make sure the chain we are going to build is
* present and that the first entry is in place */
- if (ctx->chain == NULL)
+ ctx->chain = sk_X509_new_null();
+ if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert))
{
- if ( ((ctx->chain=sk_X509_new_null()) == NULL) ||
- (!sk_X509_push(ctx->chain,ctx->cert)))
- {
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
- goto end;
- }
- X509_up_ref(ctx->cert);
- ctx->last_untrusted=1;
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
+ goto end;
}
+ X509_up_ref(ctx->cert);
+ ctx->last_untrusted = 1;
/* We use a temporary STACK so we can chop and hack at it */
if (ctx->untrusted != NULL
@@ -2093,14 +2096,14 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
return NULL;
}
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
/* This function is (usually) called only once, by
* SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
int index;
if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
- new_func, dup_func, free_func))
+ dup_func, free_func))
{
return -1;
}
@@ -2267,19 +2270,13 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
STACK_OF(X509) *chain)
{
int ret = 1;
- int ex_data_allocated = 0;
memset(ctx, 0, sizeof(X509_STORE_CTX));
ctx->ctx=store;
ctx->cert=x509;
ctx->untrusted=chain;
- if(!CRYPTO_new_ex_data(&g_ex_data_class, ctx,
- &ctx->ex_data))
- {
- goto err;
- }
- ex_data_allocated = 1;
+ CRYPTO_new_ex_data(&ctx->ex_data);
ctx->param = X509_VERIFY_PARAM_new();
if (!ctx->param)
@@ -2363,10 +2360,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
return 1;
err:
- if (ex_data_allocated)
- {
- CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data);
- }
+ CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data);
if (ctx->param != NULL)
{
X509_VERIFY_PARAM_free(ctx->param);
generated by cgit v1.1 at 2024-05-24 18:15:24 +0000