Only use the new informational verify codes if we

specifically ask for them. Fix typo in docs.
author: Dr. Stephen Henson <steve@openssl.org> 2000-09-22 21:32:08 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2000-09-22 21:32:08 +0000
commit: dbba890cf11f5ec1e44166a51e0a4062ccdc5279 (patch)
tree: 5b57dab75418e646c30b0edf502425da3924f2af /crypto/x509
parent: 3f8b90c34586f81ec58b16b11a78d5b4b5934575 (diff)
download: openssl-dbba890cf11f5ec1e44166a51e0a4062ccdc5279.tar.gz
1 files changed, 9 insertions, 10 deletions
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index db62c9f6a3..0f4110cc64 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -339,16 +339,15 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 	ret = X509_check_issued(issuer, x);
 	if (ret == X509_V_OK)
 		return 1;
-	else
-		{
-		ctx->error = ret;
-		ctx->current_cert = x;
-		ctx->current_issuer = issuer;
-		if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb)
-			return ctx->verify_cb(0, ctx);
-		else
-			return 0;
-		}
+	/* If we haven't asked for issuer errors don't set ctx */
+	if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+		return 0;
+
+	ctx->error = ret;
+	ctx->current_cert = x;
+	ctx->current_issuer = issuer;
+	if (ctx->verify_cb)
+		return ctx->verify_cb(0, ctx);
 	return 0;
 }
author	Dr. Stephen Henson <steve@openssl.org>	2000-09-22 21:32:08 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2000-09-22 21:32:08 +0000
commit	dbba890cf11f5ec1e44166a51e0a4062ccdc5279 (patch)
tree	5b57dab75418e646c30b0edf502425da3924f2af /crypto/x509
parent	3f8b90c34586f81ec58b16b11a78d5b4b5934575 (diff)
download	openssl-dbba890cf11f5ec1e44166a51e0a4062ccdc5279.tar.gz