diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-02-09 14:17:13 -0500 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2016-02-10 12:34:06 -0500 |
commit | d33def662443c4b534c6b261a3b01f3960339c78 (patch) | |
tree | 4e95fd943d9df02700d60d5dbb493a6a2d4dec05 /crypto/x509/x509_vfy.c | |
parent | 056be06b4dfd7eaf7914febd043e9b446e1ed772 (diff) | |
download | openssl-d33def662443c4b534c6b261a3b01f3960339c78.tar.gz |
Deprecate the -issuer_checks debugging option
This was a developer debugging feature and was never a useful public
interface.
Added all missing X509 error codes to the verify(1) manpage, but
many still need a description beyond the associated text string.
Sorted the errors in x509_txt.c by error number.
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'crypto/x509/x509_vfy.c')
-rw-r--r-- | crypto/x509/x509_vfy.c | 11 |
1 files changed, 1 insertions, 10 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index f8b9b503ac..ae07f37f36 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -318,16 +318,7 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) } } - if (ret == X509_V_OK) - return 1; - /* If we haven't asked for issuer errors don't set ctx */ - if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) - return 0; - - ctx->error = ret; - ctx->current_cert = x; - ctx->current_issuer = issuer; - return ctx->verify_cb(0, ctx); + return (ret == X509_V_OK); } /* Alternative lookup method: look from a STACK stored in other_ctx */ |