diff options
author | Bodo Möller <bodo@openssl.org> | 2001-01-28 14:38:11 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2001-01-28 14:38:11 +0000 |
commit | 78f3a2aad79b25fc25498f5afa6ca0bbe01bf863 (patch) | |
tree | 5394996e038f96dfffa8fae203f12e49e09b9281 /crypto/x509 | |
parent | b847024026c4e16371bf05adc4a9d88500472336 (diff) | |
download | openssl-78f3a2aad79b25fc25498f5afa6ca0bbe01bf863.tar.gz |
Comment and indentation
Diffstat (limited to 'crypto/x509')
-rw-r--r-- | crypto/x509/x509_trs.c | 8 | ||||
-rw-r--r-- | crypto/x509/x509_vfy.c | 7 |
2 files changed, 11 insertions, 4 deletions
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 0de252c65d..7a41bc2d82 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -99,10 +99,10 @@ static int tr_cmp(const X509_TRUST * const *a, int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) { -int (*oldtrust)(int , X509 *, int); -oldtrust = default_trust; -default_trust = trust; -return oldtrust; + int (*oldtrust)(int , X509 *, int); + oldtrust = default_trust; + default_trust = trust; + return oldtrust; } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 73eecd6ee4..5d88efd4a0 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -488,6 +488,13 @@ static int internal_verify(X509_STORE_CTX *ctx) if (!ok) goto end; } if (X509_verify(xs,pkey) <= 0) + /* XXX For the final trusted self-signed cert, + * this is a waste of time. That check should + * optional so that e.g. 'openssl x509' can be + * used to detect invalid self-signatures, but + * we don't verify again and again in SSL + * handshakes and the like once the cert has + * been declared trusted. */ { ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; ctx->current_cert=xs; |